
Side by Side Diff: nss/lib/certdb/genname.c

Issue 319593003: Update to NSS 3.16.2 Beta 3. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/nss
Patch Set: Remove unused function SEC_NumberOrNameStringToOIDTag Created 6 years, 6 months ago
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 #include "plarena.h" 5 #include "plarena.h"
6 #include "seccomon.h" 6 #include "seccomon.h"
7 #include "secitem.h" 7 #include "secitem.h"
8 #include "secoidt.h" 8 #include "secoidt.h"
9 #include "secasn1.h" 9 #include "secasn1.h"
10 #include "secder.h" 10 #include "secder.h"
(...skipping 119 matching lines...)
130 SEC_ASN1_SUB(SEC_ObjectIDTemplate), 130 SEC_ASN1_SUB(SEC_ObjectIDTemplate),
131 sizeof (CERTGeneralName)} 131 sizeof (CERTGeneralName)}
132 }; 132 };
133 133
134 134
135 const SEC_ASN1Template CERT_GeneralNamesTemplate[] = { 135 const SEC_ASN1Template CERT_GeneralNamesTemplate[] = {
136 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN , 0, SEC_ASN1_SUB(SEC_AnyTemplate) } 136 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN , 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
137 }; 137 };
138 138
139 139
140 static struct {
141 CERTGeneralNameType type;
142 char *name;
143 } typesArray[] = {
144 { certOtherName, "other" },
145 { certRFC822Name, "email" },
146 { certRFC822Name, "rfc822" },
147 { certDNSName, "dns" },
148 { certX400Address, "x400" },
149 { certX400Address, "x400addr" },
150 { certDirectoryName, "directory" },
151 { certDirectoryName, "dn" },
152 { certEDIPartyName, "edi" },
153 { certEDIPartyName, "ediparty" },
154 { certURI, "uri" },
155 { certIPAddress, "ip" },
156 { certIPAddress, "ipaddr" },
157 { certRegisterID, "registerid" }
158 };
159
160 CERTGeneralNameType
161 CERT_GetGeneralNameTypeFromString(const char *string)
162 {
163 int types_count = sizeof(typesArray)/sizeof(typesArray[0]);
164 int i;
165
166 for (i=0; i < types_count; i++) {
167 if (PORT_Strcasecmp(string, typesArray[i].name) == 0) {
168 return typesArray[i].type;
169 }
170 }
171 return 0;
172 }
140 173
141 CERTGeneralName * 174 CERTGeneralName *
142 CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type) 175 CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type)
143 { 176 {
144 CERTGeneralName *name = arena 177 CERTGeneralName *name = arena
145 ? PORT_ArenaZNew(arena, CERTGeneralName) 178 ? PORT_ArenaZNew(arena, CERTGeneralName)
146 : PORT_ZNew(CERTGeneralName); 179 : PORT_ZNew(CERTGeneralName);
147 if (name) { 180 if (name) {
148 name->type = type; 181 name->type = type;
149 name->l.prev = name->l.next = &name->l; 182 name->l.prev = name->l.next = &name->l;
(...skipping 1366 matching lines...)
1516 1549
1517 done: 1550 done:
1518 if (rv == SECFailure) { 1551 if (rv == SECFailure) {
1519 PORT_ArenaRelease(arena, mark); 1552 PORT_ArenaRelease(arena, mark);
1520 } else { 1553 } else {
1521 PORT_ArenaUnmark(arena, mark); 1554 PORT_ArenaUnmark(arena, mark);
1522 } 1555 }
1523 return rv; 1556 return rv;
1524 } 1557 }
1525 1558
1559 /* Add name constraints to certain certs that do not include name constraints
1560 * This is the core of the implementation for bug 952572.
1561 */
1562
1563 static SECStatus
1564 getNameExtensionsBuiltIn(CERTCertificate *cert,
1565 SECItem *extensions)
1566 {
1567 const char constraintFranceGov[] = "\x30\x5D" /* sequence len = 93*/
1568 "\xA0\x5B" /* element len =91 */
1569 "\x30\x05" /* sequence len 5 */
1570 "\x82\x03" /* entry len 3 */
1571 ".fr"
1572 "\x30\x05\x82\x03" /* sequence len5, entry len 3 */
1573 ".gp"
1574 "\x30\x05\x82\x03"
1575 ".gf"
1576 "\x30\x05\x82\x03"
1577 ".mq"
1578 "\x30\x05\x82\x03"
1579 ".re"
1580 "\x30\x05\x82\x03"
1581 ".yt"
1582 "\x30\x05\x82\x03"
1583 ".pm"
1584 "\x30\x05\x82\x03"
1585 ".bl"
1586 "\x30\x05\x82\x03"
1587 ".mf"
1588 "\x30\x05\x82\x03"
1589 ".wf"
1590 "\x30\x05\x82\x03"
1591 ".pf"
1592 "\x30\x05\x82\x03"
1593 ".nc"
1594 "\x30\x05\x82\x03"
1595 ".tf";
Ryan Sleevi 2014/06/05 00:22:30 We should compare this with our constraints, and m
wtc 2014/06/05 03:00:10 This is the same as our list in net/cert/cert_veri
1596
1597 /* The stringified value for the subject is:
1598 E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
1599 */
1600 const char rawANSSISubject[] = "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04"
1601 "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03"
1602 "\x55\x04\x08\x13\x06\x46\x72\x61\x6E\x63\x65"
1603 "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05"
1604 "\x50\x61\x72\x69\x73\x31\x10\x30\x0E\x06\x03"
1605 "\x55\x04\x0A\x13\x07\x50\x4D\x2F\x53\x47\x44"
1606 "\x4E\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13"
1607 "\x05\x44\x43\x53\x53\x49\x31\x0E\x30\x0C\x06"
1608 "\x03\x55\x04\x03\x13\x05\x49\x47\x43\x2F\x41"
1609 "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7"
1610 "\x0D\x01\x09\x01\x16\x14\x69\x67\x63\x61\x40"
1611 "\x73\x67\x64\x6E\x2E\x70\x6D\x2E\x67\x6F\x75"
1612 "\x76\x2E\x66\x72";
1613
1614 const SECItem anssi_subject = {0, (char *) rawANSSISubject,
1615 sizeof(rawANSSISubject)-1};
1616 const SECItem permitFranceGovNC = {0, (char *) constraintFranceGov,
1617 sizeof(constraintFranceGov)-1};
1618
1619 if (SECITEM_ItemsAreEqual(&cert->derSubject, &anssi_subject)) {
1620 SECStatus rv;
1621 rv = SECITEM_CopyItem(NULL, extensions, &permitFranceGovNC);
1622 return rv;
1623 }
1624 PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
1625 return SECFailure;
1626 }
1627
1526 /* Extract the name constraints extension from the CA cert. */ 1628 /* Extract the name constraints extension from the CA cert. */
1527 SECStatus 1629 SECStatus
1528 CERT_FindNameConstraintsExten(PLArenaPool *arena, 1630 CERT_FindNameConstraintsExten(PLArenaPool *arena,
1529 CERTCertificate *cert, 1631 CERTCertificate *cert,
1530 CERTNameConstraints **constraints) 1632 CERTNameConstraints **constraints)
1531 { 1633 {
1532 SECStatus rv = SECSuccess; 1634 SECStatus rv = SECSuccess;
1533 SECItem constraintsExtension; 1635 SECItem constraintsExtension;
1534 void *mark = NULL; 1636 void *mark = NULL;
1535 1637
1536 *constraints = NULL; 1638 *constraints = NULL;
1537 1639
1538 rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, 1640 rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS,
1539 &constraintsExtension); 1641 &constraintsExtension);
1540 if (rv != SECSuccess) { 1642 if (rv != SECSuccess) {
1541 if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { 1643 if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
1542 rv = SECSuccess; 1644 return rv;
1543 } 1645 }
1544 return rv; 1646 rv = getNameExtensionsBuiltIn(cert, &constraintsExtension);
1647 if (rv != SECSuccess) {
1648 if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
1649 return SECSuccess;
1650 }
1651 return rv;
1652 }
1545 } 1653 }
1546 1654
1547 mark = PORT_ArenaMark(arena); 1655 mark = PORT_ArenaMark(arena);
1548 1656
1549 *constraints = cert_DecodeNameConstraints(arena, &constraintsExtension); 1657 *constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
1550 if (*constraints == NULL) { /* decode failed */ 1658 if (*constraints == NULL) { /* decode failed */
1551 rv = SECFailure; 1659 rv = SECFailure;
1552 } 1660 }
1553 PORT_Free (constraintsExtension.data); 1661 PORT_Free (constraintsExtension.data);
1554 1662
(...skipping 298 matching lines...)
1853 break; 1961 break;
1854 } 1962 }
1855 list->name = cert_CombineNamesLists(list->name, name); 1963 list->name = cert_CombineNamesLists(list->name, name);
1856 list->len++; 1964 list->len++;
1857 done: 1965 done:
1858 PZ_Unlock(list->lock); 1966 PZ_Unlock(list->lock);
1859 } 1967 }
1860 return; 1968 return;
1861 } 1969 }
1862 #endif 1970 #endif
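Review bot: The header comment on getNameExtensionsBuiltIn (new lines 1559–1561) does not state the limits a maintainer needs in order to reason about this fallback: the constraint is selected by byte-equality of `cert->derSubject` alone, it is consulted only after `CERT_FindCertExtension` reports `SEC_ERROR_EXTENSION_NOT_FOUND` (new lines 1642–1646), and the encoded blob is a permittedSubtrees list (`\xA0`) holding only dNSName entries (`\x82`), so other name forms are presumably left unconstrained by it. I would extend the comment to say exactly that, and to record that on success `*extensions` is heap-allocated through `SECITEM_CopyItem(NULL, ...)` and must be released by the caller with `PORT_Free`, as new line 1661 does. Separately, the initialisers at new lines 1614–1617 cast a `const char[]` to `char *`; SECItem's `data` field is `unsigned char *` in seccomon.h (not shown on this page), so `{siBuffer, (unsigned char *) rawANSSISubject, sizeof(rawANSSISubject)-1}` would avoid the pointer-type mismatch, and likewise for `permitFranceGovNC`.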