static int
generate_algorithm_id_list(cms_context *cms, SECAlgorithmID ***algorithm_list_p)
{
SECAlgorithmID **algorithms = NULL;
int err = 0;
algorithms = PORT_ArenaZAlloc(cms->arena, sizeof (SECAlgorithmID *) *
2);
if (!algorithms)
return -1;
algorithms[0] = PORT_ArenaZAlloc(cms->arena, sizeof(SECAlgorithmID));
if (!algorithms[0]) {
err = PORT_GetError();
goto err_list;
}
if (generate_algorithm_id(cms, algorithms[0],
digest_get_digest_oid(cms)) < 0) {
err = PORT_GetError();
goto err_item;
}
*algorithm_list_p = algorithms;
return 0;
err_item:
PORT_ZFree(algorithms[0], sizeof (SECAlgorithmID));
err_list:
PORT_ZFree(algorithms, sizeof (SECAlgorithmID *) * 2);
PORT_SetError(err);
return -1;
}
static void
sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
{
if (freeit) {
if (cx->cxBufPtr != cx->cxBuf)
PORT_ZFree(cx->cxBufPtr, cx->cxBufSize);
PORT_ZFree(cx, cx->cxSize);
}
}
void
SECITEM_ZfreeItem(SecAsn1Item *zap, Boolean freeit)
{
if (zap) {
PORT_ZFree(zap->Data, zap->Length);
zap->Data = 0;
zap->Length = 0;
if (freeit) {
PORT_ZFree(zap, sizeof(SecAsn1Item));
}
}
}
void
SECITEM_ZfreeItem(SECItem *zap, PRBool freeit)
{
if (zap) {
PORT_ZFree(zap->data, zap->len);
zap->data = 0;
zap->len = 0;
if (freeit) {
PORT_ZFree(zap, sizeof(SECItem));
}
}
}
void
free_algorithm_list(SECAlgorithmID **algorithm_list, cms_context *ctx)
{
if (!algorithm_list)
return;
#if 0
for (int i = 0; algorithm_list[i] != NULL; i++) {
PORT_ZFree(algorithm_list[i], sizeof (SECAlgorithmID));
}
PORT_ZFree(algorithm_list, sizeof (SECAlgorithmID *) * 2);
#endif
}
static SECStatus
generate_prime(mp_int *prime, int primeLen)
{
mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
unsigned long counter = 0;
int piter;
unsigned char *pb = NULL;
pb = PORT_Alloc(primeLen);
if (!pb) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto cleanup;
}
for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) {
CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
pb[0] |= 0xC0; /* set two high-order bits */
pb[primeLen-1] |= 0x01; /* set low-order bit */
CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) );
err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter);
if (err != MP_NO)
goto cleanup;
/* keep going while err == MP_NO */
}
cleanup:
if (pb)
PORT_ZFree(pb, primeLen);
if (err) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
return rv;
}
static SECStatus
sftk_TLSPRFVerify(TLSPRFContext *cx,
unsigned char *sig, /* input, for comparison. */
unsigned int sigLen, /* length of sig. */
unsigned char *hash, /* data to be verified. */
unsigned int hashLen) /* size of hash data. */
{
unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen);
unsigned int tmpLen = sigLen;
SECStatus rv;
if (!tmp)
return SECFailure;
if (hashLen) {
/* hashLen is non-zero when the user does a one-step verify.
** In this case, none of the data has been input yet.
*/
sftk_TLSPRFHashUpdate(cx, hash, hashLen);
}
rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
if (rv == SECSuccess) {
rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
}
PORT_ZFree(tmp, sigLen);
return rv;
}
static void
sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data,
unsigned int data_len)
{
PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen;
if (cx->cxRv != SECSuccess) /* function has previously failed. */
return;
if (bytesUsed + data_len > cx->cxBufSize) {
/* We don't use realloc here because
** (a) realloc doesn't zero out the old block, and
** (b) if realloc fails, we lose the old block.
*/
PRUint32 newBufSize = bytesUsed + data_len + 512;
unsigned char * newBuf = (unsigned char *)PORT_Alloc(newBufSize);
if (!newBuf) {
cx->cxRv = SECFailure;
return;
}
PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed);
if (cx->cxBufPtr != cx->cxBuf) {
PORT_ZFree(cx->cxBufPtr, bytesUsed);
}
cx->cxBufPtr = newBuf;
cx->cxBufSize = newBufSize;
}
PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len);
cx->cxDataLen += data_len;
}
/*
* If zero is true, zeroize the arena memory before freeing it.
*/
void
PORT_FreeArena(PLArenaPool *arena, PRBool zero)
{
PORTArenaPool *pool = (PORTArenaPool *)arena;
PRLock * lock = (PRLock *)0;
size_t len = sizeof *arena;
static PRBool checkedEnv = PR_FALSE;
static PRBool doFreeArenaPool = PR_FALSE;
if (!pool)
return;
if (ARENAPOOL_MAGIC == pool->magic ) {
len = sizeof *pool;
lock = pool->lock;
PZ_Lock(lock);
}
if (!checkedEnv) {
/* no need for thread protection here */
doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
checkedEnv = PR_TRUE;
}
if (zero) {
PL_ClearArenaPool(arena, 0);
}
if (doFreeArenaPool) {
PL_FreeArenaPool(arena);
} else {
PL_FinishArenaPool(arena);
}
PORT_ZFree(arena, len);
if (lock) {
PZ_Unlock(lock);
PZ_DestroyLock(lock);
}
}
/*
* If zero is true, zeroize the arena memory before freeing it.
*/
void
PORT_FreeArena(PLArenaPool *arena, PRBool zero)
{
PORTArenaPool *pool = (PORTArenaPool *)arena;
PRLock *lock = (PRLock *)0;
size_t len = sizeof *arena;
if (!pool)
return;
if (ARENAPOOL_MAGIC == pool->magic) {
len = sizeof *pool;
lock = pool->lock;
PZ_Lock(lock);
}
if (zero) {
PL_ClearArenaPool(arena, 0);
}
(void)PR_CallOnce(&setupUseFreeListOnce, &SetupUseFreeList);
if (useFreeList) {
PL_FreeArenaPool(arena);
} else {
PL_FinishArenaPool(arena);
}
PORT_ZFree(arena, len);
if (lock) {
PZ_Unlock(lock);
PZ_DestroyLock(lock);
}
}
/* Reset sec back to its initial state.
** Caller holds any relevant locks.
*/
void
ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
{
if (sec->localCert) {
CERT_DestroyCertificate(sec->localCert);
sec->localCert = NULL;
}
if (sec->peerCert) {
CERT_DestroyCertificate(sec->peerCert);
sec->peerCert = NULL;
}
if (sec->peerKey) {
SECKEY_DestroyPublicKey(sec->peerKey);
sec->peerKey = NULL;
}
/* cleanup the ci */
if (sec->ci.sid != NULL) {
ssl_FreeSID(sec->ci.sid);
}
PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
if (doMemset) {
memset(&sec->ci, 0, sizeof sec->ci);
}
}
/* Generates a new EC key pair. The private key is a random value and
* the public key is the result of performing a scalar point multiplication
* of that value with the curve's base point.
*/
SECStatus
EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
int len;
unsigned char *privKeyBytes = NULL;
if (!ecParams) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
len = ecParams->order.len;
privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len);
if (privKeyBytes == NULL) goto cleanup;
/* generate public key */
CHECK_SEC_OK( ec_NewKey(ecParams, privKey, privKeyBytes, len) );
cleanup:
if (privKeyBytes) {
PORT_ZFree(privKeyBytes, len);
}
#if EC_DEBUG
printf("EC_NewKey returning %s\n",
(rv == SECSuccess) ? "success" : "failure");
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_DISABLE_ECC */
return rv;
}
/* Generates a new EC key pair. The private key is a random value and
* the public key is the result of performing a scalar point multiplication
* of that value with the curve's base point.
*/
SECStatus
EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char* random, int randomlen, int kmflag)
{
SECStatus rv = SECFailure;
int len;
unsigned char *privKeyBytes = NULL;
if (!ecParams) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
len = ecParams->order.len;
privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len,
random, randomlen, kmflag);
if (privKeyBytes == NULL) goto cleanup;
/* generate public key */
CHECK_SEC_OK( ec_NewKey(ecParams, privKey, privKeyBytes, len, kmflag) );
cleanup:
if (privKeyBytes) {
PORT_ZFree(privKeyBytes, len * 2);
}
#if EC_DEBUG
printf("EC_NewKey returning %s\n",
(rv == SECSuccess) ? "success" : "failure");
#endif
return rv;
}
/*
** Computes the ECDSA signature on the digest using the given key
** and a random seed.
*/
SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
const unsigned char* random, int randomLen, int kmflag)
{
SECStatus rv = SECFailure;
int len;
unsigned char *kBytes= NULL;
if (!key) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* Generate random value k */
len = key->ecParams.order.len;
kBytes = ec_GenerateRandomPrivateKey(key->ecParams.order.data, len,
random, randomLen, kmflag);
if (kBytes == NULL) goto cleanup;
/* Generate ECDSA signature with the specified k value */
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag);
cleanup:
if (kBytes) {
PORT_ZFree(kBytes, len * 2);
}
#if EC_DEBUG
printf("ECDSA signing %s\n",
(rv == SECSuccess) ? "succeeded" : "failed");
#endif
return rv;
}
/* BEWARE: This function gets called for both client and server SIDs !!
* If the unreferenced sid is not in the cache, Free sid and its contents.
*/
static void
ssl_DestroySID(sslSessionID *sid)
{
SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
PORT_Assert((sid->references == 0));
if (sid->cached == in_client_cache)
return; /* it will get taken care of next time cache is traversed. */
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
}
if (sid->peerID != NULL)
PORT_Free((void *)sid->peerID); /* CONST */
if (sid->urlSvrName != NULL)
PORT_Free((void *)sid->urlSvrName); /* CONST */
if ( sid->peerCert ) {
CERT_DestroyCertificate(sid->peerCert);
}
if ( sid->localCert ) {
CERT_DestroyCertificate(sid->localCert);
}
if (sid->u.ssl3.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
}
PORT_ZFree(sid, sizeof(sslSessionID));
}
/*
* save the current context. Allocate Space if necessary.
*/
static unsigned char *
pk11_saveContextHelper(PK11Context *context, unsigned char *buffer,
unsigned long *savedLength)
{
CK_RV crv;
/* If buffer is NULL, this will get the length */
crv = PK11_GETTAB(context->slot)->C_GetOperationState(context->session,
(CK_BYTE_PTR)buffer,
savedLength);
if (!buffer || (crv == CKR_BUFFER_TOO_SMALL)) {
/* the given buffer wasn't big enough (or was NULL), but we
* have the length, so try again with a new buffer and the
* correct length
*/
unsigned long bufLen = *savedLength;
buffer = PORT_Alloc(bufLen);
if (buffer == NULL) {
return (unsigned char *)NULL;
}
crv = PK11_GETTAB(context->slot)->C_GetOperationState(
context->session,
(CK_BYTE_PTR)buffer,
savedLength);
if (crv != CKR_OK) {
PORT_ZFree(buffer, bufLen);
}
}
if (crv != CKR_OK) {
PORT_SetError( PK11_MapError(crv) );
return (unsigned char *)NULL;
}
return buffer;
}
/*
* save the current context state into a variable. Required to make FORTEZZA
* work.
*/
SECStatus
PK11_SaveContext(PK11Context *cx,unsigned char *save,int *len, int saveLength)
{
unsigned char * data = NULL;
CK_ULONG length = saveLength;
if (cx->ownSession) {
PK11_EnterContextMonitor(cx);
data = pk11_saveContextHelper(cx, save, &length);
PK11_ExitContextMonitor(cx);
if (data) *len = length;
} else if ((unsigned) saveLength >= cx->savedLength) {
data = (unsigned char*)cx->savedData;
if (cx->savedData) {
PORT_Memcpy(save,cx->savedData,cx->savedLength);
}
*len = cx->savedLength;
}
if (data != NULL) {
if (cx->ownSession) {
PORT_ZFree(data, length);
}
return SECSuccess;
} else {
return SECFailure;
}
}
/*
** Called from SSL_ResetHandshake (above), and
** from ssl_FreeSocket in sslsock.c
** Caller should hold relevant locks (e.g. XmitBufLock)
*/
void
ssl_DestroySecurityInfo(sslSecurityInfo *sec)
{
ssl_ResetSecurityInfo(sec, PR_FALSE);
PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space);
sec->writeBuf.buf = 0;
memset(sec, 0, sizeof *sec);
}
static void
free_certificate_list(SECItem **certificate_list, cms_context *ctx)
{
if (!certificate_list)
return;
#if 0
for (int i = 0; certificate_list[i] != NULL; i++)
PORT_Free(certificate_list[i]);
PORT_ZFree(certificate_list, sizeof (SECItem) * 2);
#endif
}
DESContext *
DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt)
{
DESContext *cx = PORT_ZNew(DESContext);
SECStatus rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
cx = NULL;
}
return cx;
}
/* BEWARE: This function gets called for both client and server SIDs !!
* If the unreferenced sid is not in the cache, Free sid and its contents.
*/
static void
ssl_DestroySID(sslSessionID *sid)
{
int i;
SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
PORT_Assert(sid->references == 0);
PORT_Assert(sid->cached != in_client_cache);
if (sid->version < SSL_LIBRARY_VERSION_3_0) {
SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
} else {
if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
PR_FALSE);
}
if (sid->u.ssl3.srvName.data) {
SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
}
if (sid->u.ssl3.originalHandshakeHash.data) {
SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
}
if (sid->u.ssl3.signedCertTimestamps.data) {
SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
}
if (sid->u.ssl3.lock) {
NSSRWLock_Destroy(sid->u.ssl3.lock);
}
}
if (sid->peerID != NULL)
PORT_Free((void *)sid->peerID); /* CONST */
if (sid->urlSvrName != NULL)
PORT_Free((void *)sid->urlSvrName); /* CONST */
if ( sid->peerCert ) {
CERT_DestroyCertificate(sid->peerCert);
}
for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
CERT_DestroyCertificate(sid->peerCertChain[i]);
}
if (sid->peerCertStatus.items) {
SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
}
if ( sid->localCert ) {
CERT_DestroyCertificate(sid->localCert);
}
PORT_ZFree(sid, sizeof(sslSessionID));
}
void
SGN_DestroyContext(SGNContext *cx, PRBool freeit)
{
if (cx) {
if (cx->hashcx != NULL) {
(*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
cx->hashcx = NULL;
}
if (freeit) {
PORT_ZFree(cx, sizeof(SGNContext));
}
}
}
/*
* Initialize a new generator.
*/
RC4Context *
RC4_CreateContext(const unsigned char *key, int len)
{
RC4Context *cx = RC4_AllocateContext();
if (cx) {
SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof(*cx));
cx = NULL;
}
}
return cx;
}
int
generate_signerInfo_list(SpcSignerInfo ***signerInfo_list_p, cms_context *ctx)
{
SpcSignerInfo **signerInfo_list;
int err;
if (!signerInfo_list_p)
return -1;
signerInfo_list = PORT_ArenaZAlloc(ctx->arena,
sizeof (SpcSignerInfo *) * 2);
if (!signerInfo_list)
return -1;
signerInfo_list[0] = PORT_ArenaZAlloc(ctx->arena,
sizeof (SpcSignerInfo));
if (!signerInfo_list[0]) {
err = PORT_GetError();
goto err_list;
}
if (generate_spc_signer_info(signerInfo_list[0], ctx) < 0) {
err = PORT_GetError();
goto err_item;
}
*signerInfo_list_p = signerInfo_list;
return 0;
err_item:
#if 0
PORT_ZFree(signerInfo_list[0], sizeof (SpcSignerInfo));
#endif
err_list:
#if 0
PORT_ZFree(signerInfo_list, sizeof (SpcSignerInfo *) * 2);
#endif
PORT_SetError(err);
return -1;
}
/*
* If zero is true, zeroize the arena memory before freeing it.
*/
void
PORT_FreeArena(PLArenaPool *arena, PRBool zero)
{
PORTArenaPool *pool = (PORTArenaPool *)arena;
PRLock * lock = (PRLock *)0;
size_t len = sizeof *arena;
extern const PRVersionDescription * libVersionPoint(void);
static const PRVersionDescription * pvd;
static PRBool doFreeArenaPool = PR_FALSE;
if (ARENAPOOL_MAGIC == pool->magic ) {
len = sizeof *pool;
lock = pool->lock;
PZ_Lock(lock);
}
if (!pvd) {
/* Each of NSPR's DLLs has a function libVersionPoint().
** We could do a lot of extra work to be sure we're calling the
** one in the DLL that holds PR_FreeArenaPool, but instead we
** rely on the fact that ALL NSPR DLLs in the same directory
** must be from the same release, and we call which ever one we get.
*/
/* no need for thread protection here */
pvd = libVersionPoint();
if ((pvd->vMajor > 4) ||
(pvd->vMajor == 4 && pvd->vMinor > 1) ||
(pvd->vMajor == 4 && pvd->vMinor == 1 && pvd->vPatch >= 1)) {
const char *ev = PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST");
if (!ev) doFreeArenaPool = PR_TRUE;
}
}
if (zero) {
PLArena *a;
for (a = arena->first.next; a; a = a->next) {
PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
memset((void *)a->base, 0, a->avail - a->base);
}
}
if (doFreeArenaPool) {
PL_FreeArenaPool(arena);
} else {
PL_FinishArenaPool(arena);
}
PORT_ZFree(arena, len);
if (lock) {
PZ_Unlock(lock);
PZ_DestroyLock(lock);
}
}
/* Reset sec back to its initial state.
** Caller holds any relevant locks.
*/
void
ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
{
/* Destroy MAC */
if (sec->hash && sec->hashcx) {
(*sec->hash->destroy)(sec->hashcx, PR_TRUE);
sec->hashcx = NULL;
sec->hash = NULL;
}
SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE);
SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE);
/* Destroy ciphers */
if (sec->destroy) {
(*sec->destroy)(sec->readcx, PR_TRUE);
(*sec->destroy)(sec->writecx, PR_TRUE);
sec->readcx = NULL;
sec->writecx = NULL;
} else {
PORT_Assert(sec->readcx == 0);
PORT_Assert(sec->writecx == 0);
}
sec->readcx = 0;
sec->writecx = 0;
if (sec->localCert) {
CERT_DestroyCertificate(sec->localCert);
sec->localCert = NULL;
}
if (sec->peerCert) {
CERT_DestroyCertificate(sec->peerCert);
sec->peerCert = NULL;
}
if (sec->peerKey) {
SECKEY_DestroyPublicKey(sec->peerKey);
sec->peerKey = NULL;
}
/* cleanup the ci */
if (sec->ci.sid != NULL) {
ssl_FreeSID(sec->ci.sid);
}
PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
if (doMemset) {
memset(&sec->ci, 0, sizeof sec->ci);
}
}
static void
ssl_FreeCipherSpec(ssl3CipherSpec *spec)
{
SSL_TRC(10, ("%d: SSL[-]: Freeing %s spec %d. epoch=%d",
SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch));
PR_REMOVE_LINK(&spec->link);
/* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
if (spec->cipherContext) {
PK11_DestroyContext(spec->cipherContext, PR_TRUE);
}
PK11_FreeSymKey(spec->masterSecret);
ssl_DestroyKeyMaterial(&spec->keyMaterial);
PORT_ZFree(spec, sizeof(*spec));
}
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
* modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
* random number generator.
*
* Parameters
* - order: a buffer that holds the curve's group order
* - len: the length in octets of the order buffer
*
* Return Value
* Returns a buffer of len octets that holds the private key. The caller
* is responsible for freeing the buffer with PORT_ZFree.
*/
static unsigned char *
ec_GenerateRandomPrivateKey(const unsigned char *order, int len)
{
SECStatus rv = SECSuccess;
mp_err err;
unsigned char *privKeyBytes = NULL;
mp_int privKeyVal, order_1, one;
MP_DIGITS(&privKeyVal) = 0;
MP_DIGITS(&order_1) = 0;
MP_DIGITS(&one) = 0;
CHECK_MPI_OK(mp_init(&privKeyVal));
CHECK_MPI_OK(mp_init(&order_1));
CHECK_MPI_OK(mp_init(&one));
/* Generates 2*len random bytes using the global random bit generator
* (which implements Algorithm 1 of FIPS 186-2 Change Notice 1) then
* reduces modulo the group order.
*/
if ((privKeyBytes = PORT_Alloc(2 * len)) == NULL)
goto cleanup;
CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(privKeyBytes, 2 * len));
CHECK_MPI_OK(mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2 * len));
CHECK_MPI_OK(mp_read_unsigned_octets(&order_1, order, len));
CHECK_MPI_OK(mp_set_int(&one, 1));
CHECK_MPI_OK(mp_sub(&order_1, &one, &order_1));
CHECK_MPI_OK(mp_mod(&privKeyVal, &order_1, &privKeyVal));
CHECK_MPI_OK(mp_add(&privKeyVal, &one, &privKeyVal));
CHECK_MPI_OK(mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len));
memset(privKeyBytes + len, 0, len);
cleanup:
mp_clear(&privKeyVal);
mp_clear(&order_1);
mp_clear(&one);
if (err < MP_OKAY) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
}
if (rv != SECSuccess && privKeyBytes) {
PORT_ZFree(privKeyBytes, 2 * len);
privKeyBytes = NULL;
}
return privKeyBytes;
}
static int
generate_certificate_list(SECItem ***certificate_list_p, cms_context *ctx)
{
SECItem **certificates = NULL;
certificates = PORT_ArenaZAlloc(ctx->arena, sizeof (SECItem *) * 2);
if (!certificates)
return -1;
certificates[0] = PORT_ArenaZAlloc(ctx->arena, sizeof (SECItem));
if (!certificates[0]) {
int err = PORT_GetError();
PORT_ZFree(certificates, sizeof (SECItem) * 2);
PORT_SetError(err);
return -1;
}
SECITEM_CopyItem(ctx->arena, certificates[0], &ctx->cert->derCert);
*certificate_list_p = certificates;
return 0;
}
/*
* Test vector API. Use NIST SP 800-90 general interface so one of the
* other NIST SP 800-90 algorithms may be used in the future.
*/
SECStatus
PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
const PRUint8 *nonce, unsigned int nonce_len,
const PRUint8 *personal_string, unsigned int ps_len)
{
int bytes_len = entropy_len + nonce_len + ps_len;
PRUint8 *bytes = NULL;
SECStatus rv;
if (entropy_len < 256/PR_BITS_PER_BYTE) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
return SECFailure;
}
bytes = PORT_Alloc(bytes_len);
if (bytes == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
}
/* concatenate the various inputs, internally NSS only instantiates with
* a single long string */
PORT_Memcpy(bytes, entropy, entropy_len);
if (nonce) {
PORT_Memcpy(&bytes[entropy_len], nonce, nonce_len);
} else {
PORT_Assert(nonce_len == 0);
}
if (personal_string) {
PORT_Memcpy(&bytes[entropy_len+nonce_len], personal_string, ps_len);
} else {
PORT_Assert(ps_len == 0);
}
rv = prng_instantiate(&testContext, bytes, bytes_len);
PORT_ZFree(bytes, bytes_len);
if (rv == SECFailure) {
return SECFailure;
}
testContext.isValid = PR_TRUE;
return SECSuccess;
}
