static int generate_algorithm_id_list(cms_context *cms, SECAlgorithmID ***algorithm_list_p) { SECAlgorithmID **algorithms = NULL; int err = 0; algorithms = PORT_ArenaZAlloc(cms->arena, sizeof (SECAlgorithmID *) * 2); if (!algorithms) return -1; algorithms[0] = PORT_ArenaZAlloc(cms->arena, sizeof(SECAlgorithmID)); if (!algorithms[0]) { err = PORT_GetError(); goto err_list; } if (generate_algorithm_id(cms, algorithms[0], digest_get_digest_oid(cms)) < 0) { err = PORT_GetError(); goto err_item; } *algorithm_list_p = algorithms; return 0; err_item: PORT_ZFree(algorithms[0], sizeof (SECAlgorithmID)); err_list: PORT_ZFree(algorithms, sizeof (SECAlgorithmID *) * 2); PORT_SetError(err); return -1; }
static void sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit) { if (freeit) { if (cx->cxBufPtr != cx->cxBuf) PORT_ZFree(cx->cxBufPtr, cx->cxBufSize); PORT_ZFree(cx, cx->cxSize); } }
void SECITEM_ZfreeItem(SecAsn1Item *zap, Boolean freeit) { if (zap) { PORT_ZFree(zap->Data, zap->Length); zap->Data = 0; zap->Length = 0; if (freeit) { PORT_ZFree(zap, sizeof(SecAsn1Item)); } } }
void SECITEM_ZfreeItem(SECItem *zap, PRBool freeit) { if (zap) { PORT_ZFree(zap->data, zap->len); zap->data = 0; zap->len = 0; if (freeit) { PORT_ZFree(zap, sizeof(SECItem)); } } }
void free_algorithm_list(SECAlgorithmID **algorithm_list, cms_context *ctx) { if (!algorithm_list) return; #if 0 for (int i = 0; algorithm_list[i] != NULL; i++) { PORT_ZFree(algorithm_list[i], sizeof (SECAlgorithmID)); } PORT_ZFree(algorithm_list, sizeof (SECAlgorithmID *) * 2); #endif }
static SECStatus generate_prime(mp_int *prime, int primeLen) { mp_err err = MP_OKAY; SECStatus rv = SECSuccess; unsigned long counter = 0; int piter; unsigned char *pb = NULL; pb = PORT_Alloc(primeLen); if (!pb) { PORT_SetError(SEC_ERROR_NO_MEMORY); goto cleanup; } for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) { CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) ); pb[0] |= 0xC0; /* set two high-order bits */ pb[primeLen-1] |= 0x01; /* set low-order bit */ CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) ); err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter); if (err != MP_NO) goto cleanup; /* keep going while err == MP_NO */ } cleanup: if (pb) PORT_ZFree(pb, primeLen); if (err) { MP_TO_SEC_ERROR(err); rv = SECFailure; } return rv; }
static SECStatus sftk_TLSPRFVerify(TLSPRFContext *cx, unsigned char *sig, /* input, for comparison. */ unsigned int sigLen, /* length of sig. */ unsigned char *hash, /* data to be verified. */ unsigned int hashLen) /* size of hash data. */ { unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen); unsigned int tmpLen = sigLen; SECStatus rv; if (!tmp) return SECFailure; if (hashLen) { /* hashLen is non-zero when the user does a one-step verify. ** In this case, none of the data has been input yet. */ sftk_TLSPRFHashUpdate(cx, hash, hashLen); } rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); if (rv == SECSuccess) { rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); } PORT_ZFree(tmp, sigLen); return rv; }
static void sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, unsigned int data_len) { PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen; if (cx->cxRv != SECSuccess) /* function has previously failed. */ return; if (bytesUsed + data_len > cx->cxBufSize) { /* We don't use realloc here because ** (a) realloc doesn't zero out the old block, and ** (b) if realloc fails, we lose the old block. */ PRUint32 newBufSize = bytesUsed + data_len + 512; unsigned char * newBuf = (unsigned char *)PORT_Alloc(newBufSize); if (!newBuf) { cx->cxRv = SECFailure; return; } PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed); if (cx->cxBufPtr != cx->cxBuf) { PORT_ZFree(cx->cxBufPtr, bytesUsed); } cx->cxBufPtr = newBuf; cx->cxBufSize = newBufSize; } PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len); cx->cxDataLen += data_len; }
/* * If zero is true, zeroize the arena memory before freeing it. */ void PORT_FreeArena(PLArenaPool *arena, PRBool zero) { PORTArenaPool *pool = (PORTArenaPool *)arena; PRLock * lock = (PRLock *)0; size_t len = sizeof *arena; static PRBool checkedEnv = PR_FALSE; static PRBool doFreeArenaPool = PR_FALSE; if (!pool) return; if (ARENAPOOL_MAGIC == pool->magic ) { len = sizeof *pool; lock = pool->lock; PZ_Lock(lock); } if (!checkedEnv) { /* no need for thread protection here */ doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL); checkedEnv = PR_TRUE; } if (zero) { PL_ClearArenaPool(arena, 0); } if (doFreeArenaPool) { PL_FreeArenaPool(arena); } else { PL_FinishArenaPool(arena); } PORT_ZFree(arena, len); if (lock) { PZ_Unlock(lock); PZ_DestroyLock(lock); } }
/* * If zero is true, zeroize the arena memory before freeing it. */ void PORT_FreeArena(PLArenaPool *arena, PRBool zero) { PORTArenaPool *pool = (PORTArenaPool *)arena; PRLock *lock = (PRLock *)0; size_t len = sizeof *arena; if (!pool) return; if (ARENAPOOL_MAGIC == pool->magic) { len = sizeof *pool; lock = pool->lock; PZ_Lock(lock); } if (zero) { PL_ClearArenaPool(arena, 0); } (void)PR_CallOnce(&setupUseFreeListOnce, &SetupUseFreeList); if (useFreeList) { PL_FreeArenaPool(arena); } else { PL_FinishArenaPool(arena); } PORT_ZFree(arena, len); if (lock) { PZ_Unlock(lock); PZ_DestroyLock(lock); } }
/* Reset sec back to its initial state. ** Caller holds any relevant locks. */ void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset) { if (sec->localCert) { CERT_DestroyCertificate(sec->localCert); sec->localCert = NULL; } if (sec->peerCert) { CERT_DestroyCertificate(sec->peerCert); sec->peerCert = NULL; } if (sec->peerKey) { SECKEY_DestroyPublicKey(sec->peerKey); sec->peerKey = NULL; } /* cleanup the ci */ if (sec->ci.sid != NULL) { ssl_FreeSID(sec->ci.sid); } PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space); if (doMemset) { memset(&sec->ci, 0, sizeof sec->ci); } }
/* Generates a new EC key pair. The private key is a random value and * the public key is the result of performing a scalar point multiplication * of that value with the curve's base point. */ SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey) { SECStatus rv = SECFailure; #ifndef NSS_DISABLE_ECC int len; unsigned char *privKeyBytes = NULL; if (!ecParams) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } len = ecParams->order.len; privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len); if (privKeyBytes == NULL) goto cleanup; /* generate public key */ CHECK_SEC_OK( ec_NewKey(ecParams, privKey, privKeyBytes, len) ); cleanup: if (privKeyBytes) { PORT_ZFree(privKeyBytes, len); } #if EC_DEBUG printf("EC_NewKey returning %s\n", (rv == SECSuccess) ? "success" : "failure"); #endif #else PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); #endif /* NSS_DISABLE_ECC */ return rv; }
/* Generates a new EC key pair. The private key is a random value and * the public key is the result of performing a scalar point multiplication * of that value with the curve's base point. */ SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, const unsigned char* random, int randomlen, int kmflag) { SECStatus rv = SECFailure; int len; unsigned char *privKeyBytes = NULL; if (!ecParams) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } len = ecParams->order.len; privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len, random, randomlen, kmflag); if (privKeyBytes == NULL) goto cleanup; /* generate public key */ CHECK_SEC_OK( ec_NewKey(ecParams, privKey, privKeyBytes, len, kmflag) ); cleanup: if (privKeyBytes) { PORT_ZFree(privKeyBytes, len * 2); } #if EC_DEBUG printf("EC_NewKey returning %s\n", (rv == SECSuccess) ? "success" : "failure"); #endif return rv; }
/* ** Computes the ECDSA signature on the digest using the given key ** and a random seed. */ SECStatus ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest, const unsigned char* random, int randomLen, int kmflag) { SECStatus rv = SECFailure; int len; unsigned char *kBytes= NULL; if (!key) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } /* Generate random value k */ len = key->ecParams.order.len; kBytes = ec_GenerateRandomPrivateKey(key->ecParams.order.data, len, random, randomLen, kmflag); if (kBytes == NULL) goto cleanup; /* Generate ECDSA signature with the specified k value */ rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag); cleanup: if (kBytes) { PORT_ZFree(kBytes, len * 2); } #if EC_DEBUG printf("ECDSA signing %s\n", (rv == SECSuccess) ? "succeeded" : "failed"); #endif return rv; }
/* BEWARE: This function gets called for both client and server SIDs !! * If the unreferenced sid is not in the cache, Free sid and its contents. */ static void ssl_DestroySID(sslSessionID *sid) { SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached)); PORT_Assert((sid->references == 0)); if (sid->cached == in_client_cache) return; /* it will get taken care of next time cache is traversed. */ if (sid->version < SSL_LIBRARY_VERSION_3_0) { SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE); SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE); } if (sid->peerID != NULL) PORT_Free((void *)sid->peerID); /* CONST */ if (sid->urlSvrName != NULL) PORT_Free((void *)sid->urlSvrName); /* CONST */ if ( sid->peerCert ) { CERT_DestroyCertificate(sid->peerCert); } if ( sid->localCert ) { CERT_DestroyCertificate(sid->localCert); } if (sid->u.ssl3.sessionTicket.ticket.data) { SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE); } PORT_ZFree(sid, sizeof(sslSessionID)); }
/* * save the current context. Allocate Space if necessary. */ static unsigned char * pk11_saveContextHelper(PK11Context *context, unsigned char *buffer, unsigned long *savedLength) { CK_RV crv; /* If buffer is NULL, this will get the length */ crv = PK11_GETTAB(context->slot)->C_GetOperationState(context->session, (CK_BYTE_PTR)buffer, savedLength); if (!buffer || (crv == CKR_BUFFER_TOO_SMALL)) { /* the given buffer wasn't big enough (or was NULL), but we * have the length, so try again with a new buffer and the * correct length */ unsigned long bufLen = *savedLength; buffer = PORT_Alloc(bufLen); if (buffer == NULL) { return (unsigned char *)NULL; } crv = PK11_GETTAB(context->slot)->C_GetOperationState( context->session, (CK_BYTE_PTR)buffer, savedLength); if (crv != CKR_OK) { PORT_ZFree(buffer, bufLen); } } if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); return (unsigned char *)NULL; } return buffer; }
/* * save the current context state into a variable. Required to make FORTEZZA * work. */ SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save,int *len, int saveLength) { unsigned char * data = NULL; CK_ULONG length = saveLength; if (cx->ownSession) { PK11_EnterContextMonitor(cx); data = pk11_saveContextHelper(cx, save, &length); PK11_ExitContextMonitor(cx); if (data) *len = length; } else if ((unsigned) saveLength >= cx->savedLength) { data = (unsigned char*)cx->savedData; if (cx->savedData) { PORT_Memcpy(save,cx->savedData,cx->savedLength); } *len = cx->savedLength; } if (data != NULL) { if (cx->ownSession) { PORT_ZFree(data, length); } return SECSuccess; } else { return SECFailure; } }
/* ** Called from SSL_ResetHandshake (above), and ** from ssl_FreeSocket in sslsock.c ** Caller should hold relevant locks (e.g. XmitBufLock) */ void ssl_DestroySecurityInfo(sslSecurityInfo *sec) { ssl_ResetSecurityInfo(sec, PR_FALSE); PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space); sec->writeBuf.buf = 0; memset(sec, 0, sizeof *sec); }
static void free_certificate_list(SECItem **certificate_list, cms_context *ctx) { if (!certificate_list) return; #if 0 for (int i = 0; certificate_list[i] != NULL; i++) PORT_Free(certificate_list[i]); PORT_ZFree(certificate_list, sizeof (SECItem) * 2); #endif }
DESContext * DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt) { DESContext *cx = PORT_ZNew(DESContext); SECStatus rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0); if (rv != SECSuccess) { PORT_ZFree(cx, sizeof *cx); cx = NULL; } return cx; }
/* BEWARE: This function gets called for both client and server SIDs !! * If the unreferenced sid is not in the cache, Free sid and its contents. */ static void ssl_DestroySID(sslSessionID *sid) { int i; SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached)); PORT_Assert(sid->references == 0); PORT_Assert(sid->cached != in_client_cache); if (sid->version < SSL_LIBRARY_VERSION_3_0) { SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE); SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE); } else { if (sid->u.ssl3.locked.sessionTicket.ticket.data) { SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket, PR_FALSE); } if (sid->u.ssl3.srvName.data) { SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE); } if (sid->u.ssl3.originalHandshakeHash.data) { SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE); } if (sid->u.ssl3.signedCertTimestamps.data) { SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE); } if (sid->u.ssl3.lock) { NSSRWLock_Destroy(sid->u.ssl3.lock); } } if (sid->peerID != NULL) PORT_Free((void *)sid->peerID); /* CONST */ if (sid->urlSvrName != NULL) PORT_Free((void *)sid->urlSvrName); /* CONST */ if ( sid->peerCert ) { CERT_DestroyCertificate(sid->peerCert); } for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) { CERT_DestroyCertificate(sid->peerCertChain[i]); } if (sid->peerCertStatus.items) { SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE); } if ( sid->localCert ) { CERT_DestroyCertificate(sid->localCert); } PORT_ZFree(sid, sizeof(sslSessionID)); }
void SGN_DestroyContext(SGNContext *cx, PRBool freeit) { if (cx) { if (cx->hashcx != NULL) { (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); cx->hashcx = NULL; } if (freeit) { PORT_ZFree(cx, sizeof(SGNContext)); } } }
/* * Initialize a new generator. */ RC4Context * RC4_CreateContext(const unsigned char *key, int len) { RC4Context *cx = RC4_AllocateContext(); if (cx) { SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0); if (rv != SECSuccess) { PORT_ZFree(cx, sizeof(*cx)); cx = NULL; } } return cx; }
int generate_signerInfo_list(SpcSignerInfo ***signerInfo_list_p, cms_context *ctx) { SpcSignerInfo **signerInfo_list; int err; if (!signerInfo_list_p) return -1; signerInfo_list = PORT_ArenaZAlloc(ctx->arena, sizeof (SpcSignerInfo *) * 2); if (!signerInfo_list) return -1; signerInfo_list[0] = PORT_ArenaZAlloc(ctx->arena, sizeof (SpcSignerInfo)); if (!signerInfo_list[0]) { err = PORT_GetError(); goto err_list; } if (generate_spc_signer_info(signerInfo_list[0], ctx) < 0) { err = PORT_GetError(); goto err_item; } *signerInfo_list_p = signerInfo_list; return 0; err_item: #if 0 PORT_ZFree(signerInfo_list[0], sizeof (SpcSignerInfo)); #endif err_list: #if 0 PORT_ZFree(signerInfo_list, sizeof (SpcSignerInfo *) * 2); #endif PORT_SetError(err); return -1; }
/* * If zero is true, zeroize the arena memory before freeing it. */ void PORT_FreeArena(PLArenaPool *arena, PRBool zero) { PORTArenaPool *pool = (PORTArenaPool *)arena; PRLock * lock = (PRLock *)0; size_t len = sizeof *arena; extern const PRVersionDescription * libVersionPoint(void); static const PRVersionDescription * pvd; static PRBool doFreeArenaPool = PR_FALSE; if (ARENAPOOL_MAGIC == pool->magic ) { len = sizeof *pool; lock = pool->lock; PZ_Lock(lock); } if (!pvd) { /* Each of NSPR's DLLs has a function libVersionPoint(). ** We could do a lot of extra work to be sure we're calling the ** one in the DLL that holds PR_FreeArenaPool, but instead we ** rely on the fact that ALL NSPR DLLs in the same directory ** must be from the same release, and we call which ever one we get. */ /* no need for thread protection here */ pvd = libVersionPoint(); if ((pvd->vMajor > 4) || (pvd->vMajor == 4 && pvd->vMinor > 1) || (pvd->vMajor == 4 && pvd->vMinor == 1 && pvd->vPatch >= 1)) { const char *ev = PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST"); if (!ev) doFreeArenaPool = PR_TRUE; } } if (zero) { PLArena *a; for (a = arena->first.next; a; a = a->next) { PR_ASSERT(a->base <= a->avail && a->avail <= a->limit); memset((void *)a->base, 0, a->avail - a->base); } } if (doFreeArenaPool) { PL_FreeArenaPool(arena); } else { PL_FinishArenaPool(arena); } PORT_ZFree(arena, len); if (lock) { PZ_Unlock(lock); PZ_DestroyLock(lock); } }
/* Reset sec back to its initial state. ** Caller holds any relevant locks. */ void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset) { /* Destroy MAC */ if (sec->hash && sec->hashcx) { (*sec->hash->destroy)(sec->hashcx, PR_TRUE); sec->hashcx = NULL; sec->hash = NULL; } SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE); SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE); /* Destroy ciphers */ if (sec->destroy) { (*sec->destroy)(sec->readcx, PR_TRUE); (*sec->destroy)(sec->writecx, PR_TRUE); sec->readcx = NULL; sec->writecx = NULL; } else { PORT_Assert(sec->readcx == 0); PORT_Assert(sec->writecx == 0); } sec->readcx = 0; sec->writecx = 0; if (sec->localCert) { CERT_DestroyCertificate(sec->localCert); sec->localCert = NULL; } if (sec->peerCert) { CERT_DestroyCertificate(sec->peerCert); sec->peerCert = NULL; } if (sec->peerKey) { SECKEY_DestroyPublicKey(sec->peerKey); sec->peerKey = NULL; } /* cleanup the ci */ if (sec->ci.sid != NULL) { ssl_FreeSID(sec->ci.sid); } PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space); if (doMemset) { memset(&sec->ci, 0, sizeof sec->ci); } }
static void ssl_FreeCipherSpec(ssl3CipherSpec *spec) { SSL_TRC(10, ("%d: SSL[-]: Freeing %s spec %d. epoch=%d", SSL_GETPID(), SPEC_DIR(spec), spec, spec->epoch)); PR_REMOVE_LINK(&spec->link); /* PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */ if (spec->cipherContext) { PK11_DestroyContext(spec->cipherContext, PR_TRUE); } PK11_FreeSymKey(spec->masterSecret); ssl_DestroyKeyMaterial(&spec->keyMaterial); PORT_ZFree(spec, sizeof(*spec)); }
/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62, * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the * random number generator. * * Parameters * - order: a buffer that holds the curve's group order * - len: the length in octets of the order buffer * * Return Value * Returns a buffer of len octets that holds the private key. The caller * is responsible for freeing the buffer with PORT_ZFree. */ static unsigned char * ec_GenerateRandomPrivateKey(const unsigned char *order, int len) { SECStatus rv = SECSuccess; mp_err err; unsigned char *privKeyBytes = NULL; mp_int privKeyVal, order_1, one; MP_DIGITS(&privKeyVal) = 0; MP_DIGITS(&order_1) = 0; MP_DIGITS(&one) = 0; CHECK_MPI_OK(mp_init(&privKeyVal)); CHECK_MPI_OK(mp_init(&order_1)); CHECK_MPI_OK(mp_init(&one)); /* Generates 2*len random bytes using the global random bit generator * (which implements Algorithm 1 of FIPS 186-2 Change Notice 1) then * reduces modulo the group order. */ if ((privKeyBytes = PORT_Alloc(2 * len)) == NULL) goto cleanup; CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(privKeyBytes, 2 * len)); CHECK_MPI_OK(mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2 * len)); CHECK_MPI_OK(mp_read_unsigned_octets(&order_1, order, len)); CHECK_MPI_OK(mp_set_int(&one, 1)); CHECK_MPI_OK(mp_sub(&order_1, &one, &order_1)); CHECK_MPI_OK(mp_mod(&privKeyVal, &order_1, &privKeyVal)); CHECK_MPI_OK(mp_add(&privKeyVal, &one, &privKeyVal)); CHECK_MPI_OK(mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len)); memset(privKeyBytes + len, 0, len); cleanup: mp_clear(&privKeyVal); mp_clear(&order_1); mp_clear(&one); if (err < MP_OKAY) { MP_TO_SEC_ERROR(err); rv = SECFailure; } if (rv != SECSuccess && privKeyBytes) { PORT_ZFree(privKeyBytes, 2 * len); privKeyBytes = NULL; } return privKeyBytes; }
static int generate_certificate_list(SECItem ***certificate_list_p, cms_context *ctx) { SECItem **certificates = NULL; certificates = PORT_ArenaZAlloc(ctx->arena, sizeof (SECItem *) * 2); if (!certificates) return -1; certificates[0] = PORT_ArenaZAlloc(ctx->arena, sizeof (SECItem)); if (!certificates[0]) { int err = PORT_GetError(); PORT_ZFree(certificates, sizeof (SECItem) * 2); PORT_SetError(err); return -1; } SECITEM_CopyItem(ctx->arena, certificates[0], &ctx->cert->derCert); *certificate_list_p = certificates; return 0; }
/* * Test vector API. Use NIST SP 800-90 general interface so one of the * other NIST SP 800-90 algorithms may be used in the future. */ SECStatus PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len, const PRUint8 *nonce, unsigned int nonce_len, const PRUint8 *personal_string, unsigned int ps_len) { int bytes_len = entropy_len + nonce_len + ps_len; PRUint8 *bytes = NULL; SECStatus rv; if (entropy_len < 256/PR_BITS_PER_BYTE) { PORT_SetError(SEC_ERROR_NEED_RANDOM); return SECFailure; } bytes = PORT_Alloc(bytes_len); if (bytes == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); return SECFailure; } /* concatenate the various inputs, internally NSS only instantiates with * a single long string */ PORT_Memcpy(bytes, entropy, entropy_len); if (nonce) { PORT_Memcpy(&bytes[entropy_len], nonce, nonce_len); } else { PORT_Assert(nonce_len == 0); } if (personal_string) { PORT_Memcpy(&bytes[entropy_len+nonce_len], personal_string, ps_len); } else { PORT_Assert(ps_len == 0); } rv = prng_instantiate(&testContext, bytes, bytes_len); PORT_ZFree(bytes, bytes_len); if (rv == SECFailure) { return SECFailure; } testContext.isValid = PR_TRUE; return SECSuccess; }