Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(54)

Unified Diff: nss/lib/util/quickder.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/util/portreg.c ('k') | nss/lib/util/secalgid.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/util/quickder.c
diff --git a/nss/lib/util/quickder.c b/nss/lib/util/quickder.c
deleted file mode 100644
index fe72b293a9eaff14b5001c3c29717830910ce4e3..0000000000000000000000000000000000000000
--- a/nss/lib/util/quickder.c
+++ /dev/null
@@ -1,946 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- Optimized ASN.1 DER decoder
-
-*/
-
-#include "secerr.h"
-#include "secasn1.h" /* for SEC_ASN1GetSubtemplate */
-#include "secitem.h"
-
-/*
- * simple definite-length ASN.1 decoder
- */
-
-static unsigned char* definite_length_decoder(const unsigned char *buf,
- const unsigned int buf_length,
- unsigned int *out_data_length,
- PRBool includeTag)
-{
- unsigned char tag;
- unsigned int used_length = 0;
- unsigned int data_length = 0;
- unsigned char length_field_len = 0;
- unsigned char byte;
- unsigned int i;
-
- if (used_length >= buf_length)
- {
- /* Tag field was not found! */
- return NULL;
- }
- tag = buf[used_length++];
-
- if (tag == 0)
- {
- /* End-of-contents octects should not be present in DER because
- DER doesn't use the indefinite length form. */
- return NULL;
- }
-
- if ((tag & 0x1F) == 0x1F)
- {
- /* High tag number (a tag number > 30) is not supported */
- return NULL;
- }
-
- if (used_length >= buf_length)
- {
- /* Length field was not found! */
- return NULL;
- }
- byte = buf[used_length++];
-
- if (!(byte & 0x80))
- {
- /* Short form: The high bit is not set. */
- data_length = byte; /* clarity; we're returning a 32-bit int. */
- }
- else
- {
- /* Long form. Extract the field length */
- length_field_len = byte & 0x7F;
- if (length_field_len == 0)
- {
- /* DER doesn't use the indefinite length form. */
- return NULL;
- }
-
- if (length_field_len > sizeof(data_length))
- {
- /* We don't support an extended length field longer than
- 4 bytes (2^32) */
- return NULL;
- }
-
- if (length_field_len > (buf_length - used_length))
- {
- /* Extended length field was not found */
- return NULL;
- }
-
- /* Iterate across the extended length field */
- for (i = 0; i < length_field_len; i++)
- {
- byte = buf[used_length++];
- data_length = (data_length << 8) | byte;
-
- if (i == 0)
- {
- PRBool too_long = PR_FALSE;
- if (length_field_len == 1)
- {
- too_long = ((byte & 0x80) == 0); /* Short form suffices */
- }
- else
- {
- too_long = (byte == 0); /* This zero byte can be omitted */
- }
- if (too_long)
- {
- /* The length is longer than needed. */
- return NULL;
- }
- }
- }
- }
-
- if (data_length > (buf_length - used_length))
- {
- /* The decoded length exceeds the available buffer */
- return NULL;
- }
-
- if (includeTag)
- {
- data_length += used_length;
- }
-
- *out_data_length = data_length;
- return ((unsigned char*)buf + (includeTag ? 0 : used_length));
-}
-
-static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag)
-{
- if ( (!src) || (!dest) || (!src->data && src->len) )
- {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if (!src->len)
- {
- /* reaching the end of the buffer is not an error */
- dest->data = NULL;
- dest->len = 0;
- return SECSuccess;
- }
-
- dest->data = definite_length_decoder(src->data, src->len, &dest->len,
- includeTag);
- if (dest->data == NULL)
- {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return SECFailure;
- }
- src->len -= (int)(dest->data - src->data) + dest->len;
- src->data = dest->data + dest->len;
- return SECSuccess;
-}
-
-/* check if the actual component's type matches the type in the template */
-
-static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry,
- SECItem* item, PRBool* match, void* dest)
-{
- unsigned long kind = 0;
- unsigned char tag = 0;
-
- if ( (!item) || (!item->data && item->len) || (!templateEntry) || (!match) )
- {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if (!item->len)
- {
- *match = PR_FALSE;
- return SECSuccess;
- }
-
- kind = templateEntry->kind;
- tag = *(unsigned char*) item->data;
-
- if ( ( (kind & SEC_ASN1_INLINE) ||
- (kind & SEC_ASN1_POINTER) ) &&
- (0 == (kind & SEC_ASN1_TAG_MASK) ) )
- {
- /* These cases are special because the template's "kind" does not
- give us the information for the ASN.1 tag of the next item. It can
- only be figured out from the subtemplate. */
- if (!(kind & SEC_ASN1_OPTIONAL))
- {
- /* This is a required component. If there is a type mismatch,
- the decoding of the subtemplate will fail, so assume this
- is a match at the parent level and let it fail later. This
- avoids a redundant check in matching cases */
- *match = PR_TRUE;
- return SECSuccess;
- }
- else
- {
- /* optional component. This is the hard case. Now we need to
- look at the subtemplate to get the expected kind */
- const SEC_ASN1Template* subTemplate =
- SEC_ASN1GetSubtemplate (templateEntry, dest, PR_FALSE);
- if (!subTemplate)
- {
- PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
- return SECFailure;
- }
- if ( (subTemplate->kind & SEC_ASN1_INLINE) ||
- (subTemplate->kind & SEC_ASN1_POINTER) )
- {
- /* disallow nesting SEC_ASN1_POINTER and SEC_ASN1_INLINE,
- otherwise you may get a false positive due to the recursion
- optimization above that always matches the type if the
- component is required . Nesting these should never be
- required, so that no one should miss this ability */
- PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
- return SECFailure;
- }
- return MatchComponentType(subTemplate, item, match,
- (void*)((char*)dest + templateEntry->offset));
- }
- }
-
- if (kind & SEC_ASN1_CHOICE)
- {
- /* we need to check the component's tag against each choice's tag */
- /* XXX it would be nice to save the index of the choice here so that
- DecodeChoice wouldn't have to do this again. However, due to the
- recursivity of MatchComponentType, we don't know if we are in a
- required or optional component, so we can't write anywhere in
- the destination within this function */
- unsigned choiceIndex = 1;
- const SEC_ASN1Template* choiceEntry;
- while ( (choiceEntry = &templateEntry[choiceIndex++]) && (choiceEntry->kind))
- {
- if ( (SECSuccess == MatchComponentType(choiceEntry, item, match,
- (void*)((char*)dest + choiceEntry->offset))) &&
- (PR_TRUE == *match) )
- {
- return SECSuccess;
- }
- }
- /* no match, caller must decide if this is BAD DER, or not. */
- *match = PR_FALSE;
- return SECSuccess;
- }
-
- if (kind & SEC_ASN1_ANY)
- {
- /* SEC_ASN1_ANY always matches */
- *match = PR_TRUE;
- return SECSuccess;
- }
-
- if ( (0 == ((unsigned char)kind & SEC_ASN1_TAGNUM_MASK)) &&
- (!(kind & SEC_ASN1_EXPLICIT)) &&
- ( ( (kind & SEC_ASN1_SAVE) ||
- (kind & SEC_ASN1_SKIP) ) &&
- (!(kind & SEC_ASN1_OPTIONAL))
- )
- )
- {
- /* when saving or skipping a required component, a type is not
- required in the template. This is for legacy support of
- SEC_ASN1_SAVE and SEC_ASN1_SKIP only. XXX I would like to
- deprecate these usages and always require a type, as this
- disables type checking, and effectively forbids us from
- transparently ignoring optional components we aren't aware of */
- *match = PR_TRUE;
- return SECSuccess;
- }
-
- /* first, do a class check */
- if ( (tag & SEC_ASN1_CLASS_MASK) !=
- (((unsigned char)kind) & SEC_ASN1_CLASS_MASK) )
- {
- /* this is only to help debugging of the decoder in case of problems */
- /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */
- /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */
- *match = PR_FALSE;
- return SECSuccess;
- }
-
- /* now do a tag check */
- if ( ((unsigned char)kind & SEC_ASN1_TAGNUM_MASK) !=
- (tag & SEC_ASN1_TAGNUM_MASK))
- {
- *match = PR_FALSE;
- return SECSuccess;
- }
-
- /* now, do a method check. This depends on the class */
- switch (tag & SEC_ASN1_CLASS_MASK)
- {
- case SEC_ASN1_UNIVERSAL:
- /* For types of the SEC_ASN1_UNIVERSAL class, we know which must be
- primitive or constructed based on the tag */
- switch (tag & SEC_ASN1_TAGNUM_MASK)
- {
- case SEC_ASN1_SEQUENCE:
- case SEC_ASN1_SET:
- case SEC_ASN1_EMBEDDED_PDV:
- /* this component must be a constructed type */
- /* XXX add any new universal constructed type here */
- if (tag & SEC_ASN1_CONSTRUCTED)
- {
- *match = PR_TRUE;
- return SECSuccess;
- }
- break;
-
- default:
- /* this component must be a primitive type */
- if (! (tag & SEC_ASN1_CONSTRUCTED))
- {
- *match = PR_TRUE;
- return SECSuccess;
- }
- break;
- }
- break;
-
- default:
- /* for all other classes, we check the method based on the template */
- if ( (unsigned char)(kind & SEC_ASN1_METHOD_MASK) ==
- (tag & SEC_ASN1_METHOD_MASK) )
- {
- *match = PR_TRUE;
- return SECSuccess;
- }
- /* method does not match between template and component */
- break;
- }
-
- *match = PR_FALSE;
- return SECSuccess;
-}
-
-#ifdef DEBUG
-
-static SECStatus CheckSequenceTemplate(const SEC_ASN1Template* sequenceTemplate)
-{
- SECStatus rv = SECSuccess;
- const SEC_ASN1Template* sequenceEntry = NULL;
- unsigned long seqIndex = 0;
- unsigned long lastEntryIndex = 0;
- unsigned long ambiguityIndex = 0;
- PRBool foundAmbiguity = PR_FALSE;
-
- do
- {
- sequenceEntry = &sequenceTemplate[seqIndex++];
- if (sequenceEntry->kind)
- {
- /* ensure that we don't have an optional component of SEC_ASN1_ANY
- in the middle of the sequence, since we could not handle it */
- /* XXX this function needs to dig into the subtemplates to find
- the next tag */
- if ( (PR_FALSE == foundAmbiguity) &&
- (sequenceEntry->kind & SEC_ASN1_OPTIONAL) &&
- (sequenceEntry->kind & SEC_ASN1_ANY) )
- {
- foundAmbiguity = PR_TRUE;
- ambiguityIndex = seqIndex - 1;
- }
- }
- } while (sequenceEntry->kind);
-
- lastEntryIndex = seqIndex - 2;
-
- if (PR_FALSE != foundAmbiguity)
- {
- if (ambiguityIndex < lastEntryIndex)
- {
- /* ambiguity can only be tolerated on the last entry */
- PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
- rv = SECFailure;
- }
- }
-
- /* XXX also enforce ASN.1 requirement that tags be
- distinct for consecutive optional components */
-
- return rv;
-}
-
-#endif
-
-static SECStatus DecodeItem(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena, PRBool checkTag);
-
-static SECStatus DecodeSequence(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena)
-{
- SECStatus rv = SECSuccess;
- SECItem source;
- SECItem sequence;
- const SEC_ASN1Template* sequenceTemplate = &(templateEntry[1]);
- const SEC_ASN1Template* sequenceEntry = NULL;
- unsigned long seqindex = 0;
-
-#ifdef DEBUG
- /* for a sequence, we need to validate the template. */
- rv = CheckSequenceTemplate(sequenceTemplate);
-#endif
-
- source = *src;
-
- /* get the sequence */
- if (SECSuccess == rv)
- {
- rv = GetItem(&source, &sequence, PR_FALSE);
- }
-
- /* process it */
- if (SECSuccess == rv)
- do
- {
- sequenceEntry = &sequenceTemplate[seqindex++];
- if ( (sequenceEntry && sequenceEntry->kind) &&
- (sequenceEntry->kind != SEC_ASN1_SKIP_REST) )
- {
- rv = DecodeItem(dest, sequenceEntry, &sequence, arena, PR_TRUE);
- }
- } while ( (SECSuccess == rv) &&
- (sequenceEntry->kind &&
- sequenceEntry->kind != SEC_ASN1_SKIP_REST) );
- /* we should have consumed all the bytes in the sequence by now
- unless the caller doesn't care about the rest of the sequence */
- if (SECSuccess == rv && sequence.len &&
- sequenceEntry && sequenceEntry->kind != SEC_ASN1_SKIP_REST)
- {
- /* it isn't 100% clear whether this is a bad DER or a bad template.
- The problem is that logically, they don't match - there is extra
- data in the DER that the template doesn't know about */
- PORT_SetError(SEC_ERROR_BAD_DER);
- rv = SECFailure;
- }
-
- return rv;
-}
-
-static SECStatus DecodeInline(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena, PRBool checkTag)
-{
- const SEC_ASN1Template* inlineTemplate =
- SEC_ASN1GetSubtemplate (templateEntry, dest, PR_FALSE);
- return DecodeItem((void*)((char*)dest + templateEntry->offset),
- inlineTemplate, src, arena, checkTag);
-}
-
-static SECStatus DecodePointer(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena, PRBool checkTag)
-{
- const SEC_ASN1Template* ptrTemplate =
- SEC_ASN1GetSubtemplate (templateEntry, dest, PR_FALSE);
- void* subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size);
- *(void**)((char*)dest + templateEntry->offset) = subdata;
- if (subdata)
- {
- return DecodeItem(subdata, ptrTemplate, src, arena, checkTag);
- }
- else
- {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
-}
-
-static SECStatus DecodeImplicit(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena)
-{
- if (templateEntry->kind & SEC_ASN1_POINTER)
- {
- return DecodePointer((void*)((char*)dest ),
- templateEntry, src, arena, PR_FALSE);
- }
- else
- {
- return DecodeInline((void*)((char*)dest ),
- templateEntry, src, arena, PR_FALSE);
- }
-}
-
-static SECStatus DecodeChoice(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena)
-{
- SECStatus rv = SECSuccess;
- SECItem choice;
- const SEC_ASN1Template* choiceTemplate = &(templateEntry[1]);
- const SEC_ASN1Template* choiceEntry = NULL;
- unsigned long choiceindex = 0;
-
- /* XXX for a choice component, we should validate the template to make
- sure the tags are distinct, in debug builds. This hasn't been
- implemented yet */
- /* rv = CheckChoiceTemplate(sequenceTemplate); */
-
- /* process it */
- do
- {
- choice = *src;
- choiceEntry = &choiceTemplate[choiceindex++];
- if (choiceEntry->kind)
- {
- rv = DecodeItem(dest, choiceEntry, &choice, arena, PR_TRUE);
- }
- } while ( (SECFailure == rv) && (choiceEntry->kind));
-
- if (SECFailure == rv)
- {
- /* the component didn't match any of the choices */
- PORT_SetError(SEC_ERROR_BAD_DER);
- }
- else
- {
- /* set the type in the union here */
- int *which = (int *)((char *)dest + templateEntry->offset);
- *which = (int)choiceEntry->size;
- }
-
- /* we should have consumed all the bytes by now */
- /* fail if we have not */
- if (SECSuccess == rv && choice.len)
- {
- /* there is extra data that isn't listed in the template */
- PORT_SetError(SEC_ERROR_BAD_DER);
- rv = SECFailure;
- }
- return rv;
-}
-
-static SECStatus DecodeGroup(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena)
-{
- SECStatus rv = SECSuccess;
- SECItem source;
- SECItem group;
- PRUint32 totalEntries = 0;
- PRUint32 entryIndex = 0;
- void** entries = NULL;
-
- const SEC_ASN1Template* subTemplate =
- SEC_ASN1GetSubtemplate (templateEntry, dest, PR_FALSE);
-
- source = *src;
-
- /* get the group */
- if (SECSuccess == rv)
- {
- rv = GetItem(&source, &group, PR_FALSE);
- }
-
- /* XXX we should check the subtemplate in debug builds */
- if (SECSuccess == rv)
- {
- /* first, count the number of entries. Benchmarking showed that this
- counting pass is more efficient than trying to allocate entries as
- we read the DER, even if allocating many entries at a time
- */
- SECItem counter = group;
- do
- {
- SECItem anitem;
- rv = GetItem(&counter, &anitem, PR_TRUE);
- if (SECSuccess == rv && (anitem.len) )
- {
- totalEntries++;
- }
- } while ( (SECSuccess == rv) && (counter.len) );
-
- if (SECSuccess == rv)
- {
- /* allocate room for pointer array and entries */
- /* we want to allocate the array even if there is 0 entry */
- entries = (void**)PORT_ArenaZAlloc(arena, sizeof(void*)*
- (totalEntries + 1 ) + /* the extra one is for NULL termination */
- subTemplate->size*totalEntries);
-
- if (entries)
- {
- entries[totalEntries] = NULL; /* terminate the array */
- }
- else
- {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- }
- if (SECSuccess == rv)
- {
- void* entriesData = (unsigned char*)entries + (unsigned long)(sizeof(void*)*(totalEntries + 1 ));
- /* and fix the pointers in the array */
- PRUint32 entriesIndex = 0;
- for (entriesIndex = 0;entriesIndex<totalEntries;entriesIndex++)
- {
- entries[entriesIndex] =
- (char*)entriesData + (subTemplate->size*entriesIndex);
- }
- }
- }
- }
-
- if (SECSuccess == rv && totalEntries)
- do
- {
- if (!(entryIndex<totalEntries))
- {
- rv = SECFailure;
- break;
- }
- rv = DecodeItem(entries[entryIndex++], subTemplate, &group, arena, PR_TRUE);
- } while ( (SECSuccess == rv) && (group.len) );
- /* we should be at the end of the set by now */
- /* save the entries where requested */
- memcpy(((char*)dest + templateEntry->offset), &entries, sizeof(void**));
-
- return rv;
-}
-
-static SECStatus DecodeExplicit(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena)
-{
- SECStatus rv = SECSuccess;
- SECItem subItem;
- SECItem constructed = *src;
-
- rv = GetItem(&constructed, &subItem, PR_FALSE);
-
- if (SECSuccess == rv)
- {
- if (templateEntry->kind & SEC_ASN1_POINTER)
- {
- rv = DecodePointer(dest, templateEntry, &subItem, arena, PR_TRUE);
- }
- else
- {
- rv = DecodeInline(dest, templateEntry, &subItem, arena, PR_TRUE);
- }
- }
-
- return rv;
-}
-
-/* new decoder implementation. This is a recursive function */
-
-static SECStatus DecodeItem(void* dest,
- const SEC_ASN1Template* templateEntry,
- SECItem* src, PLArenaPool* arena, PRBool checkTag)
-{
- SECStatus rv = SECSuccess;
- SECItem temp;
- SECItem mark = {siBuffer, NULL, 0};
- PRBool pop = PR_FALSE;
- PRBool decode = PR_TRUE;
- PRBool save = PR_FALSE;
- unsigned long kind;
- PRBool match = PR_TRUE;
-
- PR_ASSERT(src && dest && templateEntry && arena);
-#if 0
- if (!src || !dest || !templateEntry || !arena)
- {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
-#endif
-
- if (SECSuccess == rv)
- {
- /* do the template validation */
- kind = templateEntry->kind;
- if (!kind)
- {
- PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
- rv = SECFailure;
- }
- }
-
- if (SECSuccess == rv)
- {
-#ifdef DEBUG
- if (kind & SEC_ASN1_DEBUG_BREAK)
- {
- /* when debugging the decoder or a template that fails to
- decode, put SEC_ASN1_DEBUG in the component that gives you
- trouble. The decoder will then get to this block and assert.
- If you want to debug the rest of the code, you can set a
- breakpoint and set dontassert to PR_TRUE, which will let
- you skip over the assert and continue the debugging session
- past it. */
- PRBool dontassert = PR_FALSE;
- PR_ASSERT(dontassert); /* set bkpoint here & set dontassert*/
- }
-#endif
-
- if ((kind & SEC_ASN1_SKIP) ||
- (kind & SEC_ASN1_SAVE))
- {
- /* if skipping or saving this component, don't decode it */
- decode = PR_FALSE;
- }
-
- if (kind & (SEC_ASN1_SAVE | SEC_ASN1_OPTIONAL))
- {
- /* if saving this component, or if it is optional, we may not want to
- move past it, so save the position in case we have to rewind */
- mark = *src;
- if (kind & SEC_ASN1_SAVE)
- {
- save = PR_TRUE;
- if (0 == (kind & SEC_ASN1_SKIP))
- {
- /* we will for sure have to rewind when saving this
- component and not skipping it. This is true for all
- legacy uses of SEC_ASN1_SAVE where the following entry
- in the template would causes the same component to be
- processed again */
- pop = PR_TRUE;
- }
- }
- }
-
- rv = GetItem(src, &temp, PR_TRUE);
- }
-
- if (SECSuccess == rv)
- {
- /* now check if the component matches what we expect in the template */
-
- if (PR_TRUE == checkTag)
-
- {
- rv = MatchComponentType(templateEntry, &temp, &match, dest);
- }
-
- if ( (SECSuccess == rv) && (PR_TRUE != match) )
- {
- if (kind & SEC_ASN1_OPTIONAL)
- {
-
- /* the optional component is missing. This is not fatal. */
- /* Rewind, don't decode, and don't save */
- pop = PR_TRUE;
- decode = PR_FALSE;
- save = PR_FALSE;
- }
- else
- {
- /* a required component is missing. abort */
- PORT_SetError(SEC_ERROR_BAD_DER);
- rv = SECFailure;
- }
- }
- }
-
- if ((SECSuccess == rv) && (PR_TRUE == decode))
- {
- /* the order of processing here is is the tricky part */
- /* we start with our special cases */
- /* first, check the component class */
- if (kind & SEC_ASN1_INLINE)
- {
- /* decode inline template */
- rv = DecodeInline(dest, templateEntry, &temp , arena, PR_TRUE);
- }
-
- else
- if (kind & SEC_ASN1_EXPLICIT)
- {
- rv = DecodeExplicit(dest, templateEntry, &temp, arena);
- }
- else
- if ( (SEC_ASN1_UNIVERSAL != (kind & SEC_ASN1_CLASS_MASK)) &&
-
- (!(kind & SEC_ASN1_EXPLICIT)))
- {
-
- /* decode implicitly tagged components */
- rv = DecodeImplicit(dest, templateEntry, &temp , arena);
- }
- else
- if (kind & SEC_ASN1_POINTER)
- {
- rv = DecodePointer(dest, templateEntry, &temp, arena, PR_TRUE);
- }
- else
- if (kind & SEC_ASN1_CHOICE)
- {
- rv = DecodeChoice(dest, templateEntry, &temp, arena);
- }
- else
- if (kind & SEC_ASN1_ANY)
- {
- /* catch-all ANY type, don't decode */
- save = PR_TRUE;
- if (kind & SEC_ASN1_INNER)
- {
- /* skip the tag and length */
- SECItem newtemp = temp;
- rv = GetItem(&newtemp, &temp, PR_FALSE);
- }
- }
- else
- if (kind & SEC_ASN1_GROUP)
- {
- if ( (SEC_ASN1_SEQUENCE == (kind & SEC_ASN1_TAGNUM_MASK)) ||
- (SEC_ASN1_SET == (kind & SEC_ASN1_TAGNUM_MASK)) )
- {
- rv = DecodeGroup(dest, templateEntry, &temp , arena);
- }
- else
- {
- /* a group can only be a SET OF or SEQUENCE OF */
- PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
- rv = SECFailure;
- }
- }
- else
- if (SEC_ASN1_SEQUENCE == (kind & SEC_ASN1_TAGNUM_MASK))
- {
- /* plain SEQUENCE */
- rv = DecodeSequence(dest, templateEntry, &temp , arena);
- }
- else
- {
- /* handle all other types as "save" */
- /* we should only get here for primitive universal types */
- SECItem newtemp = temp;
- rv = GetItem(&newtemp, &temp, PR_FALSE);
- save = PR_TRUE;
- if ((SECSuccess == rv) &&
- SEC_ASN1_UNIVERSAL == (kind & SEC_ASN1_CLASS_MASK))
- {
- unsigned long tagnum = kind & SEC_ASN1_TAGNUM_MASK;
- if ( temp.len == 0 && (tagnum == SEC_ASN1_BOOLEAN ||
- tagnum == SEC_ASN1_INTEGER ||
- tagnum == SEC_ASN1_BIT_STRING ||
- tagnum == SEC_ASN1_OBJECT_ID ||
- tagnum == SEC_ASN1_ENUMERATED ||
- tagnum == SEC_ASN1_UTC_TIME ||
- tagnum == SEC_ASN1_GENERALIZED_TIME) )
- {
- /* these types MUST have at least one content octet */
- PORT_SetError(SEC_ERROR_BAD_DER);
- rv = SECFailure;
- }
- else
- switch (tagnum)
- {
- /* special cases of primitive types */
- case SEC_ASN1_INTEGER:
- {
- /* remove leading zeroes if the caller requested
- siUnsignedInteger
- This is to allow RSA key operations to work */
- SECItem* destItem = (SECItem*) ((char*)dest +
- templateEntry->offset);
- if (destItem && (siUnsignedInteger == destItem->type))
- {
- while (temp.len > 1 && temp.data[0] == 0)
- { /* leading 0 */
- temp.data++;
- temp.len--;
- }
- }
- break;
- }
-
- case SEC_ASN1_BIT_STRING:
- {
- /* change the length in the SECItem to be the number
- of bits */
- temp.len = (temp.len-1)*8 - (temp.data[0] & 0x7);
- temp.data++;
- break;
- }
-
- default:
- {
- break;
- }
- }
- }
- }
- }
-
- if ((SECSuccess == rv) && (PR_TRUE == save))
- {
- SECItem* destItem = (SECItem*) ((char*)dest + templateEntry->offset);
- if (destItem)
- {
- /* we leave the type alone in the destination SECItem.
- If part of the destination was allocated by the decoder, in
- cases of POINTER, SET OF and SEQUENCE OF, then type is set to
- siBuffer due to the use of PORT_ArenaZAlloc*/
- destItem->data = temp.len ? temp.data : NULL;
- destItem->len = temp.len;
- }
- else
- {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
- }
-
- if (PR_TRUE == pop)
- {
- /* we don't want to move ahead, so restore the position */
- *src = mark;
- }
- return rv;
-}
-
-/* the function below is the public one */
-
-SECStatus SEC_QuickDERDecodeItem(PLArenaPool* arena, void* dest,
- const SEC_ASN1Template* templateEntry,
- const SECItem* src)
-{
- SECStatus rv = SECSuccess;
- SECItem newsrc;
-
- if (!arena || !templateEntry || !src)
- {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
-
- if (SECSuccess == rv)
- {
- newsrc = *src;
- rv = DecodeItem(dest, templateEntry, &newsrc, arena, PR_TRUE);
- if (SECSuccess == rv && newsrc.len)
- {
- rv = SECFailure;
- PORT_SetError(SEC_ERROR_EXTRA_INPUT);
- }
- }
-
- return rv;
-}
-
« no previous file with comments | « nss/lib/util/portreg.c ('k') | nss/lib/util/secalgid.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698