Update NSPR to 4.12 and NSS to 3.23 on iOS

nss/lib/certhigh/certreq.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "cert.h"
 #include "certt.h"
 #include "secder.h"
 #include "key.h"
 #include "secitem.h"
 #include "secasn1.h"
 #include "secerr.h"
 
 SEC_ASN1_MKSUB(SEC_AnyTemplate)
 
 const SEC_ASN1Template CERT_AttributeTemplate[] = {
     { SEC_ASN1_SEQUENCE,
-        0, NULL, sizeof(CERTAttribute) },
+      0, NULL, sizeof(CERTAttribute) },
     { SEC_ASN1_OBJECT_ID, offsetof(CERTAttribute, attrType) },
     { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(CERTAttribute, attrValue),
-        SEC_ASN1_SUB(SEC_AnyTemplate) },
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
     { 0 }
 };
 
 const SEC_ASN1Template CERT_SetOfAttributeTemplate[] = {
     { SEC_ASN1_SET_OF, 0, CERT_AttributeTemplate },
 };
 
 const SEC_ASN1Template CERT_CertificateRequestTemplate[] = {
     { SEC_ASN1_SEQUENCE,
-          0, NULL, sizeof(CERTCertificateRequest) },
+      0, NULL, sizeof(CERTCertificateRequest) },
     { SEC_ASN1_INTEGER,
-          offsetof(CERTCertificateRequest,version) },
+      offsetof(CERTCertificateRequest, version) },
     { SEC_ASN1_INLINE,
-          offsetof(CERTCertificateRequest,subject),
-          CERT_NameTemplate },
+      offsetof(CERTCertificateRequest, subject),
+      CERT_NameTemplate },
     { SEC_ASN1_INLINE,
-          offsetof(CERTCertificateRequest,subjectPublicKeyInfo),
-          CERT_SubjectPublicKeyInfoTemplate },
+      offsetof(CERTCertificateRequest, subjectPublicKeyInfo),
+      CERT_SubjectPublicKeyInfoTemplate },
     { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
-          offsetof(CERTCertificateRequest,attributes), 
-          CERT_SetOfAttributeTemplate },
+      offsetof(CERTCertificateRequest, attributes),
+      CERT_SetOfAttributeTemplate },
     { 0 }
 };
 
 SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateRequestTemplate)
 
 CERTCertificate *
 CERT_CreateCertificate(unsigned long serialNumber,
-                      CERTName *issuer,
-                      CERTValidity *validity,
-                      CERTCertificateRequest *req)
+                       CERTName *issuer,
+                       CERTValidity *validity,
+                       CERTCertificateRequest *req)
 {
     CERTCertificate *c;
     int rv;
     PLArenaPool *arena;
-    
+
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    
-    if ( !arena ) {
-        return(0);
+
+    if (!arena) {
+        return (0);
     }
 
     c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-    
+
     if (!c) {
-        PORT_FreeArena(arena, PR_FALSE);
-        return 0;
+        PORT_FreeArena(arena, PR_FALSE);
+        return 0;
     }
 
     c->referenceCount = 1;
     c->arena = arena;
 
     /*
      * Default is a plain version 1.
      * If extensions are added, it will get changed as appropriate.
      */
     rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1);
-    if (rv) goto loser;
+    if (rv)
+        goto loser;
 
     rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber);
-    if (rv) goto loser;
+    if (rv)
+        goto loser;
 
     rv = CERT_CopyName(arena, &c->issuer, issuer);
-    if (rv) goto loser;
+    if (rv)
+        goto loser;
 
     rv = CERT_CopyValidity(arena, &c->validity, validity);
-    if (rv) goto loser;
+    if (rv)
+        goto loser;
 
     rv = CERT_CopyName(arena, &c->subject, &req->subject);
-    if (rv) goto loser;
+    if (rv)
+        goto loser;
     rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo,
-                                         &req->subjectPublicKeyInfo);
-    if (rv) goto loser;
+                                         &req->subjectPublicKeyInfo);
+    if (rv)
+        goto loser;
 
     return c;
 
- loser:
+loser:
     CERT_DestroyCertificate(c);
     return 0;
 }
 
 /************************************************************************/
-/* It's clear from the comments that the original author of this 
+/* It's clear from the comments that the original author of this
  * function expected the template for certificate requests to treat
- * the attributes as a SET OF ANY.  This function expected to be 
+ * the attributes as a SET OF ANY.  This function expected to be
  * passed an array of SECItems each of which contained an already encoded
- * Attribute.  But the cert request template does not treat the 
+ * Attribute.  But the cert request template does not treat the
  * Attributes as a SET OF ANY, and AFAIK never has.  Instead the template
  * encodes attributes as a SET OF xxxxxxx.  That is, it expects to encode
- * each of the Attributes, not have them pre-encoded.  Consequently an 
- * array of SECItems containing encoded Attributes is of no value to this 
+ * each of the Attributes, not have them pre-encoded.  Consequently an
+ * array of SECItems containing encoded Attributes is of no value to this
  * function.  But we cannot change the signature of this public function.
  * It must continue to take SECItems.
  *
- * I have recoded this function so that each SECItem contains an 
+ * I have recoded this function so that each SECItem contains an
  * encoded cert extension.  The encoded cert extensions form the list for the
  * single attribute of the cert request. In this implementation there is at most
  * one attribute and it is always of type SEC_OID_PKCS9_EXTENSION_REQUEST.
  */
 
 CERTCertificateRequest *
 CERT_CreateCertificateRequest(CERTName *subject,
-                             CERTSubjectPublicKeyInfo *spki,
-                             SECItem **attributes)
+                              CERTSubjectPublicKeyInfo *spki,
+                              SECItem **attributes)
 {
     CERTCertificateRequest *certreq;
     PLArenaPool *arena;
-    CERTAttribute * attribute;
-    SECOidData * oidData;
+    CERTAttribute *attribute;
+    SECOidData *oidData;
     SECStatus rv;
     int i = 0;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if ( arena == NULL ) {
-        return NULL;
+    if (arena == NULL) {
+        return NULL;
     }
-    
+
     certreq = PORT_ArenaZNew(arena, CERTCertificateRequest);
     if (!certreq) {
-        PORT_FreeArena(arena, PR_FALSE);
-        return NULL;
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
     }
     /* below here it is safe to goto loser */
 
     certreq->arena = arena;
-    
+
     rv = DER_SetUInteger(arena, &certreq->version,
-                         SEC_CERTIFICATE_REQUEST_VERSION);
+                         SEC_CERTIFICATE_REQUEST_VERSION);
     if (rv != SECSuccess)
-        goto loser;
+        goto loser;
 
     rv = CERT_CopyName(arena, &certreq->subject, subject);
     if (rv != SECSuccess)
-        goto loser;
+        goto loser;
 
     rv = SECKEY_CopySubjectPublicKeyInfo(arena,
-                                      &certreq->subjectPublicKeyInfo,
-                                      spki);
+                                         &certreq->subjectPublicKeyInfo,
+                                         spki);
     if (rv != SECSuccess)
-        goto loser;
+        goto loser;
 
-    certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute*, 2);
-    if(!certreq->attributes) 
-        goto loser;
+    certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute *, 2);
+    if (!certreq->attributes)
+        goto loser;
 
     /* Copy over attribute information */
     if (!attributes || !attributes[0]) {
-        /*
+        /*
          ** Invent empty attribute information. According to the
          ** pkcs#10 spec, attributes has this ASN.1 type:
          **
          ** attributes [0] IMPLICIT Attributes
-         ** 
+         **
          ** Which means, we should create a NULL terminated list
          ** with the first entry being NULL;
          */
-        certreq->attributes[0] = NULL;
-        return certreq;
-    }   
+        certreq->attributes[0] = NULL;
+        return certreq;
+    }
 
     /* allocate space for attributes */
     attribute = PORT_ArenaZNew(arena, CERTAttribute);
-    if (!attribute) 
-        goto loser;
+    if (!attribute)
+        goto loser;
 
-    oidData = SECOID_FindOIDByTag( SEC_OID_PKCS9_EXTENSION_REQUEST );
+    oidData = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
     PORT_Assert(oidData);
     if (!oidData)
-        goto loser;
+        goto loser;
     rv = SECITEM_CopyItem(arena, &attribute->attrType, &oidData->oid);
     if (rv != SECSuccess)
-        goto loser;
+        goto loser;
 
-    for (i = 0; attributes[i] != NULL ; i++) 
-        ;
-    attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i+1);
-    if (!attribute->attrValue) 
-        goto loser;
+    for (i = 0; attributes[i] != NULL; i++)
+        ;
+    attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i + 1);
+    if (!attribute->attrValue)
+        goto loser;
 
     /* copy attributes */
     for (i = 0; attributes[i]; i++) {
-        /*
+        /*
         ** Attributes are a SetOf Attribute which implies
         ** lexigraphical ordering.  It is assumes that the
         ** attributes are passed in sorted.  If we need to
         ** add functionality to sort them, there is an
         ** example in the PKCS 7 code.
         */
-        attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
-        if(!attribute->attrValue[i]) 
-            goto loser;
+        attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
+        if (!attribute->attrValue[i])
+            goto loser;
     }
 
     certreq->attributes[0] = attribute;
 
     return certreq;
 
 loser:
     CERT_DestroyCertificateRequest(certreq);
     return NULL;
 }
 
 void
 CERT_DestroyCertificateRequest(CERTCertificateRequest *req)
 {
     if (req && req->arena) {
-        PORT_FreeArena(req->arena, PR_FALSE);
+        PORT_FreeArena(req->arena, PR_FALSE);
     }
     return;
 }
 
 static void
 setCRExt(void *o, CERTCertExtension **exts)
 {
     ((CERTCertificateRequest *)o)->attributes = (struct CERTAttributeStr **)exts;
 }
 
 /*
 ** Set up to start gathering cert extensions for a cert request.
 ** The list is created as CertExtensions and converted to an
 ** attribute list by CERT_FinishCRAttributes().
  */
 extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
-                       void (*setExts)(void *object, CERTCertExtension **exts));
+                                  void (*setExts)(void *object, CERTCertExtension **exts));
 void *
 CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
 {
-    return (cert_StartExtensions ((void *)req, req->arena, setCRExt));
+    return (cert_StartExtensions((void *)req, req->arena, setCRExt));
 }
 
 /*
 ** At entry req->attributes actually contains an list of cert extensions--
 ** req-attributes is overloaded until the list is DER encoded (the first
 ** ...EncodeItem() below).
 ** We turn this into an attribute list by encapsulating it
 ** in a PKCS 10 Attribute structure
  */
 SECStatus
 CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
-{   SECItem *extlist;
+{
+    SECItem *extlist;
     SECOidData *oidrec;
     CERTAttribute *attribute;
-   
+
     if (!req || !req->arena) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     if (req->attributes == NULL || req->attributes[0] == NULL)
         return SECSuccess;
 
     extlist = SEC_ASN1EncodeItem(req->arena, NULL, &req->attributes,
-                            SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
+                                 SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
     if (extlist == NULL)
-        return(SECFailure);
+        return (SECFailure);
 
     oidrec = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
     if (oidrec == NULL)
-        return SECFailure;
+        return SECFailure;
 
     /* now change the list of cert extensions into a list of attributes
      */
-    req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute*, 2);
+    req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute *, 2);
 
     attribute = PORT_ArenaZNew(req->arena, CERTAttribute);
-    
+
     if (req->attributes == NULL || attribute == NULL ||
         SECITEM_CopyItem(req->arena, &attribute->attrType, &oidrec->oid) != 0) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);
-        return SECFailure;
+        return SECFailure;
     }
-    attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem*, 2);
+    attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem *, 2);
 
     if (attribute->attrValue == NULL)
         return SECFailure;
 
     attribute->attrValue[0] = extlist;
     attribute->attrValue[1] = NULL;
     req->attributes[0] = attribute;
     req->attributes[1] = NULL;
 
     return SECSuccess;
 }
 
 SECStatus
 CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
-                                        CERTCertExtension ***exts)
+                                     CERTCertExtension ***exts)
 {
     if (req == NULL || exts == NULL) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-    
-    if (req->attributes == NULL || *req->attributes == NULL)
-        return SECSuccess;
-    
-    if ((*req->attributes)->attrValue == NULL) {
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
-    return(SEC_ASN1DecodeItem(req->arena, exts, 
-            SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
-            (*req->attributes)->attrValue[0]));
+    if (req->attributes == NULL || *req->attributes == NULL)
+        return SECSuccess;
+
+    if ((*req->attributes)->attrValue == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return (SEC_ASN1DecodeItem(req->arena, exts,
+                               SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
+                               (*req->attributes)->attrValue[0]));
 }