OLD | NEW |
---|---|
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * Moved from secpkcs7.c | 6 * Moved from secpkcs7.c |
7 */ | 7 */ |
8 | 8 |
9 #include "cert.h" | 9 #include "cert.h" |
10 #include "certi.h" | 10 #include "certi.h" |
(...skipping 609 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
620 } | 620 } |
621 | 621 |
622 | 622 |
623 CERTSignedCrl * | 623 CERTSignedCrl * |
624 crl_storeCRL (PK11SlotInfo *slot,char *url, | 624 crl_storeCRL (PK11SlotInfo *slot,char *url, |
625 CERTSignedCrl *newCrl, SECItem *derCrl, int type) | 625 CERTSignedCrl *newCrl, SECItem *derCrl, int type) |
626 { | 626 { |
627 CERTSignedCrl *oldCrl = NULL, *crl = NULL; | 627 CERTSignedCrl *oldCrl = NULL, *crl = NULL; |
628 PRBool deleteOldCrl = PR_FALSE; | 628 PRBool deleteOldCrl = PR_FALSE; |
629 CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; | 629 CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; |
630 SECStatus rv; | |
631 | 630 |
632 PORT_Assert(newCrl); | 631 PORT_Assert(newCrl); |
633 PORT_Assert(derCrl); | 632 PORT_Assert(derCrl); |
634 PORT_Assert(type == SEC_CRL_TYPE); | 633 PORT_Assert(type == SEC_CRL_TYPE); |
635 | 634 |
636 if (type != SEC_CRL_TYPE) { | 635 if (type != SEC_CRL_TYPE) { |
637 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 636 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
638 return NULL; | 637 return NULL; |
639 } | 638 } |
640 | 639 |
641 /* we can't use the cache here because we must look in the same | 640 /* we can't use the cache here because we must look in the same |
642 token */ | 641 token */ |
643 rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, | 642 (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, |
644 &oldCrl, CRL_DECODE_SKIP_ENTRIES); | 643 &oldCrl, CRL_DECODE_SKIP_ENTRIES); |
645 /* if there is an old crl on the token, make sure the one we are | 644 /* if there is an old crl on the token, make sure the one we are |
646 installing is newer. If not, exit out, otherwise delete the | 645 installing is newer. If not, exit out, otherwise delete the |
647 old crl. | 646 old crl. |
648 */ | 647 */ |
649 if (oldCrl != NULL) { | 648 if (oldCrl != NULL) { |
650 /* if it's already there, quietly continue */ | 649 /* if it's already there, quietly continue */ |
651 if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl) | 650 if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl) |
652 == SECEqual) { | 651 == SECEqual) { |
653 crl = newCrl; | 652 crl = newCrl; |
654 crl->slot = PK11_ReferenceSlot(slot); | 653 crl->slot = PK11_ReferenceSlot(slot); |
(...skipping 2031 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2686 rv = SECFailure; | 2685 rv = SECFailure; |
2687 } | 2686 } |
2688 } | 2687 } |
2689 else | 2688 else |
2690 { | 2689 { |
2691 /* no revocation date, certificate is permanently revoked */ | 2690 /* no revocation date, certificate is permanently revoked */ |
2692 rv = SECFailure; | 2691 rv = SECFailure; |
2693 } | 2692 } |
2694 if (SECFailure == rv) | 2693 if (SECFailure == rv) |
2695 { | 2694 { |
2696 SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); | 2695 (void)CERT_FindCRLEntryReasonExten(entry, &reason); |
2697 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); | 2696 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); |
2698 } | 2697 } |
2699 break; | 2698 break; |
2700 | 2699 |
2701 case dpcacheEmpty: | 2700 case dpcacheEmpty: |
2702 /* useful for NIST policy */ | 2701 /* useful for NIST policy */ |
2703 status = certRevocationStatusUnknown; | 2702 status = certRevocationStatusUnknown; |
2704 break; | 2703 break; |
2705 | 2704 |
2706 case dpcacheNoEntry: | 2705 case dpcacheNoEntry: |
(...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3043 } | 3042 } |
3044 | 3043 |
3045 /* take ownership of CRL, and insert it into the named CRL cache | 3044 /* take ownership of CRL, and insert it into the named CRL cache |
3046 * and indexed CRL cache | 3045 * and indexed CRL cache |
3047 */ | 3046 */ |
3048 SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, | 3047 SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, |
3049 const SECItem* canonicalizedName) | 3048 const SECItem* canonicalizedName) |
3050 { | 3049 { |
3051 NamedCRLCacheEntry* oldEntry, * newEntry = NULL; | 3050 NamedCRLCacheEntry* oldEntry, * newEntry = NULL; |
3052 NamedCRLCache* ncc = NULL; | 3051 NamedCRLCache* ncc = NULL; |
3053 SECStatus rv = SECSuccess, rv2; | 3052 SECStatus rv = SECSuccess; |
3054 | 3053 |
3055 PORT_Assert(namedCRLCache.lock); | 3054 PORT_Assert(namedCRLCache.lock); |
3056 PORT_Assert(namedCRLCache.entries); | 3055 PORT_Assert(namedCRLCache.entries); |
3057 | 3056 |
3058 if (!crl || !canonicalizedName) | 3057 if (!crl || !canonicalizedName) |
3059 { | 3058 { |
3060 PORT_Assert(0); | 3059 PORT_Assert(0); |
3061 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 3060 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
3062 return SECFailure; | 3061 return SECFailure; |
3063 } | 3062 } |
(...skipping 17 matching lines...) Expand all Loading... | |
3081 &newEntry) ) | 3080 &newEntry) ) |
3082 { | 3081 { |
3083 if (!oldEntry) | 3082 if (!oldEntry) |
3084 { | 3083 { |
3085 /* add new good entry to the hash table */ | 3084 /* add new good entry to the hash table */ |
3086 if (NULL == PL_HashTableAdd(namedCRLCache.entries, | 3085 if (NULL == PL_HashTableAdd(namedCRLCache.entries, |
3087 (void*) newEntry->canonicalizedName, | 3086 (void*) newEntry->canonicalizedName, |
3088 (void*) newEntry)) | 3087 (void*) newEntry)) |
3089 { | 3088 { |
3090 PORT_Assert(0); | 3089 PORT_Assert(0); |
3091 rv2 = NamedCRLCacheEntry_Destroy(newEntry); | 3090 NamedCRLCacheEntry_Destroy(newEntry); |
davidben
2015/12/11 22:10:58
[Why didn't they PORT_CheckSuccess this one too? O
| |
3092 PORT_Assert(SECSuccess == rv2); | |
3093 rv = SECFailure; | 3091 rv = SECFailure; |
3094 } | 3092 } |
3095 } | 3093 } |
3096 else | 3094 else |
3097 { | 3095 { |
3098 PRBool removed; | 3096 PRBool removed; |
3099 /* remove the old CRL from the cache if needed */ | 3097 /* remove the old CRL from the cache if needed */ |
3100 if (oldEntry->inCRLCache) | 3098 if (oldEntry->inCRLCache) |
3101 { | 3099 { |
3102 rv = CERT_UncacheCRL(dbhandle, oldEntry->crl); | 3100 rv = CERT_UncacheCRL(dbhandle, oldEntry->crl); |
3103 PORT_Assert(SECSuccess == rv); | 3101 PORT_Assert(SECSuccess == rv); |
3104 } | 3102 } |
3105 removed = PL_HashTableRemove(namedCRLCache.entries, | 3103 removed = PL_HashTableRemove(namedCRLCache.entries, |
3106 (void*) oldEntry->canonicalizedName); | 3104 (void*) oldEntry->canonicalizedName); |
3107 PORT_Assert(removed); | 3105 PORT_Assert(removed); |
3108 if (!removed) | 3106 if (!removed) |
3109 { | 3107 { |
3110 rv = SECFailure; | 3108 rv = SECFailure; |
3111 /* leak old entry since we couldn't remove it from the hash tabl e */ | 3109 /* leak old entry since we couldn't remove it from the hash tabl e */ |
3112 } | 3110 } |
3113 else | 3111 else |
3114 { | 3112 { |
3115 rv2 = NamedCRLCacheEntry_Destroy(oldEntry); | 3113 PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); |
3116 PORT_Assert(SECSuccess == rv2); | |
3117 } | 3114 } |
3118 if (NULL == PL_HashTableAdd(namedCRLCache.entries, | 3115 if (NULL == PL_HashTableAdd(namedCRLCache.entries, |
3119 (void*) newEntry->canonicalizedName, | 3116 (void*) newEntry->canonicalizedName, |
3120 (void*) newEntry)) | 3117 (void*) newEntry)) |
3121 { | 3118 { |
3122 PORT_Assert(0); | 3119 PORT_Assert(0); |
3123 rv = SECFailure; | 3120 rv = SECFailure; |
3124 } | 3121 } |
3125 } | 3122 } |
3126 } else | 3123 } else |
(...skipping 26 matching lines...) Expand all Loading... | |
3153 PRBool removed = PL_HashTableRemove(namedCRLCache.entries, | 3150 PRBool removed = PL_HashTableRemove(namedCRLCache.entries, |
3154 (void*) oldEntry->canonicalizedName); | 3151 (void*) oldEntry->canonicalizedName); |
3155 PORT_Assert(removed); | 3152 PORT_Assert(removed); |
3156 if (!removed) | 3153 if (!removed) |
3157 { | 3154 { |
3158 /* leak old entry since we couldn't remove it from the hash table */ | 3155 /* leak old entry since we couldn't remove it from the hash table */ |
3159 rv = SECFailure; | 3156 rv = SECFailure; |
3160 } | 3157 } |
3161 else | 3158 else |
3162 { | 3159 { |
3163 rv2 = NamedCRLCacheEntry_Destroy(oldEntry); | 3160 PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); |
3164 PORT_Assert(SECSuccess == rv2); | |
3165 } | 3161 } |
3166 if (NULL == PL_HashTableAdd(namedCRLCache.entries, | 3162 if (NULL == PL_HashTableAdd(namedCRLCache.entries, |
3167 (void*) newEntry->canonicalizedName, | 3163 (void*) newEntry->canonicalizedName, |
3168 (void*) newEntry)) | 3164 (void*) newEntry)) |
3169 { | 3165 { |
3170 PORT_Assert(0); | 3166 PORT_Assert(0); |
3171 rv = SECFailure; | 3167 rv = SECFailure; |
3172 } | 3168 } |
3173 } | 3169 } |
3174 } | 3170 } |
3175 } | 3171 } |
3176 rv2 = cert_ReleaseNamedCRLCache(ncc); | 3172 PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc)); |
3177 PORT_Assert(SECSuccess == rv2); | |
3178 | 3173 |
3179 return rv; | 3174 return rv; |
3180 } | 3175 } |
3181 | 3176 |
3182 static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl, | 3177 static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl, |
3183 CRLOrigin origin) | 3178 CRLOrigin origin) |
3184 { | 3179 { |
3185 CachedCrl* newcrl = NULL; | 3180 CachedCrl* newcrl = NULL; |
3186 if (!returned) | 3181 if (!returned) |
3187 { | 3182 { |
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3370 to CERT_CacheCRL previously. That API takes a SECItem*, thus, we | 3365 to CERT_CacheCRL previously. That API takes a SECItem*, thus, we |
3371 just do a pointer comparison here. | 3366 just do a pointer comparison here. |
3372 */ | 3367 */ |
3373 if (b->crl->derCrl == a->crl->derCrl) | 3368 if (b->crl->derCrl == a->crl->derCrl) |
3374 { | 3369 { |
3375 *isDupe = PR_TRUE; | 3370 *isDupe = PR_TRUE; |
3376 } | 3371 } |
3377 } | 3372 } |
3378 return SECSuccess; | 3373 return SECSuccess; |
3379 } | 3374 } |
OLD | NEW |