Chromium Code Reviews Chromium Code Reviews
Issue 1504923011:
Update NSS to 3.21 RTM and NSPR to 4.11 RTM (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/nss| OLD | NEW |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Moved from secpkcs7.c | 6 * Moved from secpkcs7.c |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "cert.h" | 9 #include "cert.h" |
| 10 #include "certi.h" | 10 #include "certi.h" |
| (...skipping 609 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 620 } | 620 } |
| 621 | 621 |
| 622 | 622 |
| 623 CERTSignedCrl * | 623 CERTSignedCrl * |
| 624 crl_storeCRL (PK11SlotInfo *slot,char *url, | 624 crl_storeCRL (PK11SlotInfo *slot,char *url, |
| 625 CERTSignedCrl *newCrl, SECItem *derCrl, int type) | 625 CERTSignedCrl *newCrl, SECItem *derCrl, int type) |
| 626 { | 626 { |
| 627 CERTSignedCrl *oldCrl = NULL, *crl = NULL; | 627 CERTSignedCrl *oldCrl = NULL, *crl = NULL; |
| 628 PRBool deleteOldCrl = PR_FALSE; | 628 PRBool deleteOldCrl = PR_FALSE; |
| 629 CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; | 629 CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; |
| 630 SECStatus rv; | |
| 631 | 630 |
| 632 PORT_Assert(newCrl); | 631 PORT_Assert(newCrl); |
| 633 PORT_Assert(derCrl); | 632 PORT_Assert(derCrl); |
| 634 PORT_Assert(type == SEC_CRL_TYPE); | 633 PORT_Assert(type == SEC_CRL_TYPE); |
| 635 | 634 |
| 636 if (type != SEC_CRL_TYPE) { | 635 if (type != SEC_CRL_TYPE) { |
| 637 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 636 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 638 return NULL; | 637 return NULL; |
| 639 } | 638 } |
| 640 | 639 |
| 641 /* we can't use the cache here because we must look in the same | 640 /* we can't use the cache here because we must look in the same |
| 642 token */ | 641 token */ |
| 643 rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, | 642 (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, |
| 644 &oldCrl, CRL_DECODE_SKIP_ENTRIES); | 643 &oldCrl, CRL_DECODE_SKIP_ENTRIES); |
| 645 /* if there is an old crl on the token, make sure the one we are | 644 /* if there is an old crl on the token, make sure the one we are |
| 646 installing is newer. If not, exit out, otherwise delete the | 645 installing is newer. If not, exit out, otherwise delete the |
| 647 old crl. | 646 old crl. |
| 648 */ | 647 */ |
| 649 if (oldCrl != NULL) { | 648 if (oldCrl != NULL) { |
| 650 /* if it's already there, quietly continue */ | 649 /* if it's already there, quietly continue */ |
| 651 if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl) | 650 if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl) |
| 652 == SECEqual) { | 651 == SECEqual) { |
| 653 crl = newCrl; | 652 crl = newCrl; |
| 654 crl->slot = PK11_ReferenceSlot(slot); | 653 crl->slot = PK11_ReferenceSlot(slot); |
| (...skipping 2031 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2686 rv = SECFailure; | 2685 rv = SECFailure; |
| 2687 } | 2686 } |
| 2688 } | 2687 } |
| 2689 else | 2688 else |
| 2690 { | 2689 { |
| 2691 /* no revocation date, certificate is permanently revoked */ | 2690 /* no revocation date, certificate is permanently revoked */ |
| 2692 rv = SECFailure; | 2691 rv = SECFailure; |
| 2693 } | 2692 } |
| 2694 if (SECFailure == rv) | 2693 if (SECFailure == rv) |
| 2695 { | 2694 { |
| 2696 SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); | 2695 (void)CERT_FindCRLEntryReasonExten(entry, &reason); |
| 2697 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); | 2696 PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); |
| 2698 } | 2697 } |
| 2699 break; | 2698 break; |
| 2700 | 2699 |
| 2701 case dpcacheEmpty: | 2700 case dpcacheEmpty: |
| 2702 /* useful for NIST policy */ | 2701 /* useful for NIST policy */ |
| 2703 status = certRevocationStatusUnknown; | 2702 status = certRevocationStatusUnknown; |
| 2704 break; | 2703 break; |
| 2705 | 2704 |
| 2706 case dpcacheNoEntry: | 2705 case dpcacheNoEntry: |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3043 } | 3042 } |
| 3044 | 3043 |
| 3045 /* take ownership of CRL, and insert it into the named CRL cache | 3044 /* take ownership of CRL, and insert it into the named CRL cache |
| 3046 * and indexed CRL cache | 3045 * and indexed CRL cache |
| 3047 */ | 3046 */ |
| 3048 SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, | 3047 SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, |
| 3049 const SECItem* canonicalizedName) | 3048 const SECItem* canonicalizedName) |
| 3050 { | 3049 { |
| 3051 NamedCRLCacheEntry* oldEntry, * newEntry = NULL; | 3050 NamedCRLCacheEntry* oldEntry, * newEntry = NULL; |
| 3052 NamedCRLCache* ncc = NULL; | 3051 NamedCRLCache* ncc = NULL; |
| 3053 SECStatus rv = SECSuccess, rv2; | 3052 SECStatus rv = SECSuccess; |
| 3054 | 3053 |
| 3055 PORT_Assert(namedCRLCache.lock); | 3054 PORT_Assert(namedCRLCache.lock); |
| 3056 PORT_Assert(namedCRLCache.entries); | 3055 PORT_Assert(namedCRLCache.entries); |
| 3057 | 3056 |
| 3058 if (!crl || !canonicalizedName) | 3057 if (!crl || !canonicalizedName) |
| 3059 { | 3058 { |
| 3060 PORT_Assert(0); | 3059 PORT_Assert(0); |
| 3061 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 3060 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 3062 return SECFailure; | 3061 return SECFailure; |
| 3063 } | 3062 } |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 3081 &newEntry) ) | 3080 &newEntry) ) |
| 3082 { | 3081 { |
| 3083 if (!oldEntry) | 3082 if (!oldEntry) |
| 3084 { | 3083 { |
| 3085 /* add new good entry to the hash table */ | 3084 /* add new good entry to the hash table */ |
| 3086 if (NULL == PL_HashTableAdd(namedCRLCache.entries, | 3085 if (NULL == PL_HashTableAdd(namedCRLCache.entries, |
| 3087 (void*) newEntry->canonicalizedName, | 3086 (void*) newEntry->canonicalizedName, |
| 3088 (void*) newEntry)) | 3087 (void*) newEntry)) |
| 3089 { | 3088 { |
| 3090 PORT_Assert(0); | 3089 PORT_Assert(0); |
| 3091 rv2 = NamedCRLCacheEntry_Destroy(newEntry); | 3090 NamedCRLCacheEntry_Destroy(newEntry); |
|
davidben
2015/12/11 22:10:58
[Why didn't they PORT_CheckSuccess this one too? O
| |
| 3092 PORT_Assert(SECSuccess == rv2); | |
| 3093 rv = SECFailure; | 3091 rv = SECFailure; |
| 3094 } | 3092 } |
| 3095 } | 3093 } |
| 3096 else | 3094 else |
| 3097 { | 3095 { |
| 3098 PRBool removed; | 3096 PRBool removed; |
| 3099 /* remove the old CRL from the cache if needed */ | 3097 /* remove the old CRL from the cache if needed */ |
| 3100 if (oldEntry->inCRLCache) | 3098 if (oldEntry->inCRLCache) |
| 3101 { | 3099 { |
| 3102 rv = CERT_UncacheCRL(dbhandle, oldEntry->crl); | 3100 rv = CERT_UncacheCRL(dbhandle, oldEntry->crl); |
| 3103 PORT_Assert(SECSuccess == rv); | 3101 PORT_Assert(SECSuccess == rv); |
| 3104 } | 3102 } |
| 3105 removed = PL_HashTableRemove(namedCRLCache.entries, | 3103 removed = PL_HashTableRemove(namedCRLCache.entries, |
| 3106 (void*) oldEntry->canonicalizedName); | 3104 (void*) oldEntry->canonicalizedName); |
| 3107 PORT_Assert(removed); | 3105 PORT_Assert(removed); |
| 3108 if (!removed) | 3106 if (!removed) |
| 3109 { | 3107 { |
| 3110 rv = SECFailure; | 3108 rv = SECFailure; |
| 3111 /* leak old entry since we couldn't remove it from the hash tabl e */ | 3109 /* leak old entry since we couldn't remove it from the hash tabl e */ |
| 3112 } | 3110 } |
| 3113 else | 3111 else |
| 3114 { | 3112 { |
| 3115 rv2 = NamedCRLCacheEntry_Destroy(oldEntry); | 3113 PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); |
| 3116 PORT_Assert(SECSuccess == rv2); | |
| 3117 } | 3114 } |
| 3118 if (NULL == PL_HashTableAdd(namedCRLCache.entries, | 3115 if (NULL == PL_HashTableAdd(namedCRLCache.entries, |
| 3119 (void*) newEntry->canonicalizedName, | 3116 (void*) newEntry->canonicalizedName, |
| 3120 (void*) newEntry)) | 3117 (void*) newEntry)) |
| 3121 { | 3118 { |
| 3122 PORT_Assert(0); | 3119 PORT_Assert(0); |
| 3123 rv = SECFailure; | 3120 rv = SECFailure; |
| 3124 } | 3121 } |
| 3125 } | 3122 } |
| 3126 } else | 3123 } else |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 3153 PRBool removed = PL_HashTableRemove(namedCRLCache.entries, | 3150 PRBool removed = PL_HashTableRemove(namedCRLCache.entries, |
| 3154 (void*) oldEntry->canonicalizedName); | 3151 (void*) oldEntry->canonicalizedName); |
| 3155 PORT_Assert(removed); | 3152 PORT_Assert(removed); |
| 3156 if (!removed) | 3153 if (!removed) |
| 3157 { | 3154 { |
| 3158 /* leak old entry since we couldn't remove it from the hash table */ | 3155 /* leak old entry since we couldn't remove it from the hash table */ |
| 3159 rv = SECFailure; | 3156 rv = SECFailure; |
| 3160 } | 3157 } |
| 3161 else | 3158 else |
| 3162 { | 3159 { |
| 3163 rv2 = NamedCRLCacheEntry_Destroy(oldEntry); | 3160 PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); |
| 3164 PORT_Assert(SECSuccess == rv2); | |
| 3165 } | 3161 } |
| 3166 if (NULL == PL_HashTableAdd(namedCRLCache.entries, | 3162 if (NULL == PL_HashTableAdd(namedCRLCache.entries, |
| 3167 (void*) newEntry->canonicalizedName, | 3163 (void*) newEntry->canonicalizedName, |
| 3168 (void*) newEntry)) | 3164 (void*) newEntry)) |
| 3169 { | 3165 { |
| 3170 PORT_Assert(0); | 3166 PORT_Assert(0); |
| 3171 rv = SECFailure; | 3167 rv = SECFailure; |
| 3172 } | 3168 } |
| 3173 } | 3169 } |
| 3174 } | 3170 } |
| 3175 } | 3171 } |
| 3176 rv2 = cert_ReleaseNamedCRLCache(ncc); | 3172 PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc)); |
| 3177 PORT_Assert(SECSuccess == rv2); | |
| 3178 | 3173 |
| 3179 return rv; | 3174 return rv; |
| 3180 } | 3175 } |
| 3181 | 3176 |
| 3182 static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl, | 3177 static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl, |
| 3183 CRLOrigin origin) | 3178 CRLOrigin origin) |
| 3184 { | 3179 { |
| 3185 CachedCrl* newcrl = NULL; | 3180 CachedCrl* newcrl = NULL; |
| 3186 if (!returned) | 3181 if (!returned) |
| 3187 { | 3182 { |
| (...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3370 to CERT_CacheCRL previously. That API takes a SECItem*, thus, we | 3365 to CERT_CacheCRL previously. That API takes a SECItem*, thus, we |
| 3371 just do a pointer comparison here. | 3366 just do a pointer comparison here. |
| 3372 */ | 3367 */ |
| 3373 if (b->crl->derCrl == a->crl->derCrl) | 3368 if (b->crl->derCrl == a->crl->derCrl) |
| 3374 { | 3369 { |
| 3375 *isDupe = PR_TRUE; | 3370 *isDupe = PR_TRUE; |
| 3376 } | 3371 } |
| 3377 } | 3372 } |
| 3378 return SECSuccess; | 3373 return SECSuccess; |
| 3379 } | 3374 } |
| OLD | NEW |
