SECKEYPublicKey* CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData, const nsNSSShutDownPreventionLock& /*proofOfLock*/) { ScopedSECItem spkiItem(aKeyData.ToSECItem()); if (!spkiItem) { return nullptr; } ScopedCERTSubjectPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(spkiItem.get())); if (!spki) { return nullptr; } // Check for id-ecDH. Per the WebCrypto spec we must support it but NSS // does unfortunately not know about it. Let's change the algorithm to // id-ecPublicKey to make NSS happy. if (SECITEM_ItemsAreEqual(&SEC_OID_DATA_EC_DH, &spki->algorithm.algorithm)) { // Retrieve OID data for id-ecPublicKey (1.2.840.10045.2.1). SECOidData* oidData = SECOID_FindOIDByTag(SEC_OID_ANSIX962_EC_PUBLIC_KEY); if (!oidData) { return nullptr; } SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm, &oidData->oid); if (rv != SECSuccess) { return nullptr; } } return SECKEY_ExtractPublicKey(spki.get()); }
/* * SecCmsAlgArrayGetIndexByAlgTag - find a specific algorithm in an array of * algorithms. * * algorithmArray - array of algorithm IDs * algtag - algorithm tag of algorithm to pick * * Returns: * An integer containing the index of the algorithm in the array or -1 if * algorithm was not found. */ int SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag) { SECOidData *algid; int i = -1; if (algorithmArray == NULL || algorithmArray[0] == NULL) return i; #ifdef ORDER_N_SQUARED for (i = 0; algorithmArray[i] != NULL; i++) { algid = SECOID_FindOID(&(algorithmArray[i]->algorithm)); if (algid->offset == algtag) break; /* bingo */ } #else algid = SECOID_FindOIDByTag(algtag); if (!algid) return i; for (i = 0; algorithmArray[i] != NULL; i++) { if (SECITEM_ItemsAreEqual(&algorithmArray[i]->algorithm, &algid->oid)) break; /* bingo */ } #endif if (algorithmArray[i] == NULL) return -1; /* not found */ return i; }
NS_IMETHODIMP nsNSSCertificate::GetValidEVPolicyOid(nsACString &outDottedOid) { nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) return NS_ERROR_NOT_AVAILABLE; SECOidTag oid_tag; PRBool valid; nsresult rv = getValidEVOidTag(oid_tag, valid); if (NS_FAILED(rv)) return rv; if (valid) { SECOidData *oid_data = SECOID_FindOIDByTag(oid_tag); if (!oid_data) return NS_ERROR_FAILURE; char *oid_str = CERT_GetOidString(&oid_data->oid); if (!oid_str) return NS_ERROR_FAILURE; outDottedOid = oid_str; PR_smprintf_free(oid_str); } return NS_OK; }
static SECOidData * HashTypeToOID(HASH_HashType hashtype) { SECOidTag hashtag; if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL) return NULL; switch (hashtype) { case HASH_AlgMD2: hashtag = SEC_OID_MD2; break; case HASH_AlgMD5: hashtag = SEC_OID_MD5; break; case HASH_AlgSHA1: hashtag = SEC_OID_SHA1; break; default: fprintf(stderr, "A new hash type has been added to HASH_HashType.\n"); fprintf(stderr, "This program needs to be updated!\n"); return NULL; } return SECOID_FindOIDByTag(hashtag); }
// Find the first policy OID that is known to be an EV policy OID. SECStatus GetFirstEVPolicy(CERTCertificate* cert, /*out*/ mozilla::pkix::CertPolicyId& policy, /*out*/ SECOidTag& policyOidTag) { if (!cert) { PR_SetError(SEC_ERROR_INVALID_ARGS, 0); return SECFailure; } if (cert->extensions) { for (int i=0; cert->extensions[i]; i++) { const SECItem* oid = &cert->extensions[i]->id; SECOidTag oidTag = SECOID_FindOIDTag(oid); if (oidTag != SEC_OID_X509_CERTIFICATE_POLICIES) continue; SECItem* value = &cert->extensions[i]->value; CERTCertificatePolicies* policies; CERTPolicyInfo** policyInfos; policies = CERT_DecodeCertificatePoliciesExtension(value); if (!policies) continue; policyInfos = policies->policyInfos; bool found = false; while (*policyInfos) { const CERTPolicyInfo* policyInfo = *policyInfos++; SECOidTag oid_tag = policyInfo->oid; if (oid_tag != SEC_OID_UNKNOWN && isEVPolicy(oid_tag)) { const SECOidData* oidData = SECOID_FindOIDByTag(oid_tag); PR_ASSERT(oidData); PR_ASSERT(oidData->oid.data); PR_ASSERT(oidData->oid.len > 0); PR_ASSERT(oidData->oid.len <= mozilla::pkix::CertPolicyId::MAX_BYTES); if (oidData && oidData->oid.data && oidData->oid.len > 0 && oidData->oid.len <= mozilla::pkix::CertPolicyId::MAX_BYTES) { policy.numBytes = static_cast<uint16_t>(oidData->oid.len); memcpy(policy.bytes, oidData->oid.data, policy.numBytes); policyOidTag = oid_tag; found = true; } break; } } CERT_DestroyCertificatePoliciesExtension(policies); if (found) { return SECSuccess; } } } PR_SetError(SEC_ERROR_POLICY_VALIDATION_FAILED, 0); return SECFailure; }
SECOidData * NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo) { SECOidData *algdata; SECOidTag algtag; algdata = SECOID_FindOID (&(signerinfo->digestAlg.algorithm)); if (algdata == NULL) { return algdata; } /* Windows may have given us a signer algorithm oid instead of a digest * algorithm oid. This call will map to a signer oid to a digest one, * otherwise it leaves the oid alone and let the chips fall as they may * if it's not a digest oid. */ algtag = NSS_CMSUtil_MapSignAlgs(algdata->offset); if (algtag != algdata->offset) { /* if the tags don't match, then we must have received a signer * algorithID. Now we need to get the oid data for the digest * oid, which the rest of the code is expecting */ algdata = SECOID_FindOIDByTag(algtag); } return algdata; }
SECStatus ssl3_ECName2Params(PLArenaPool * arena, ECName curve, SECKEYECParams * params) { SECOidData *oidData = NULL; PRUint32 policyFlags = 0; if ((curve <= ec_noName) || (curve >= ec_pastLastName) || ((oidData = SECOID_FindOIDByTag(ecName2OIDTag[curve])) == NULL)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } if (NSS_GetAlgorithmPolicy(ecName2OIDTag[curve], &policyFlags) == SECFailure || !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)); /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; params->data[1] = oidData->oid.len; memcpy(params->data + 2, oidData->oid.data, oidData->oid.len); return SECSuccess; }
OSStatus SecCmsContentInfoSetContentOther(SecCmsMessageRef cmsg, SecCmsContentInfoRef cinfo, CSSM_DATA_PTR data, Boolean detached, const CSSM_OID *eContentType) { SECStatus srtn; SECOidData *tmpOidData; /* just like SecCmsContentInfoSetContentData, except override the contentType and * contentTypeTag. This OID is for encoding... */ srtn = SECITEM_CopyItem (cmsg->poolp, &(cinfo->contentType), eContentType); if (srtn != SECSuccess) { return memFullErr; } /* this serves up a contentTypeTag with an empty OID */ tmpOidData = SECOID_FindOIDByTag(SEC_OID_OTHER); /* but that's const: cook up a new one we can write to */ cinfo->contentTypeTag = (SECOidData *)PORT_ArenaZAlloc(cmsg->poolp, sizeof(SECOidData)); *cinfo->contentTypeTag = *tmpOidData; /* now fill in the OID */ srtn = SECITEM_CopyItem (cmsg->poolp, &(cinfo->contentTypeTag->oid), eContentType); if (srtn != SECSuccess) { return memFullErr; } cinfo->content.pointer = data; cinfo->rawContent = (detached) ? NULL : (data) ? data : SECITEM_AllocItem(cmsg->poolp, NULL, 1); return noErr; }
SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena, const sslNamedGroupDef *ecGroup, SECKEYECParams *params) { SECOidData *oidData = NULL; if (!params) { PORT_Assert(0); PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (!ecGroup || ecGroup->keaType != ssl_kea_ecdh || (oidData = SECOID_FindOIDByTag(ecGroup->oidTag)) == NULL) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } if (SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)) == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); return SECFailure; } /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; params->data[1] = oidData->oid.len; memcpy(params->data + 2, oidData->oid.data, oidData->oid.len); return SECSuccess; }
/* * SecCmsContentInfoSetContent - set content type & content */ OSStatus SecCmsContentInfoSetContent(SecCmsMessageRef cmsg, SecCmsContentInfoRef cinfo, SECOidTag type, void *ptr) { OSStatus rv; cinfo->contentTypeTag = SECOID_FindOIDByTag(type); if (cinfo->contentTypeTag == NULL) return paramErr; /* do not copy the oid, just create a reference */ rv = SECITEM_CopyItem (cmsg->poolp, &(cinfo->contentType), &(cinfo->contentTypeTag->oid)); if (rv != SECSuccess) return memFullErr; cinfo->content.pointer = ptr; if (type != SEC_OID_PKCS7_DATA) { /* as we always have some inner data, * we need to set it to something, just to fool the encoder enough to work on it * and get us into nss_cms_encoder_notify at that point */ cinfo->rawContent = SECITEM_AllocItem(cmsg->poolp, NULL, 1); if (cinfo->rawContent == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); return memFullErr; } } return noErr; }
/* * NSS_SMIMEUtil_CreateSMIMECapabilities - get S/MIME capabilities for this instance of NSS * * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant * S/MIME capabilities attribute value. * * XXX Please note that, in contradiction to RFC2633 2.5.2, the capabilities only include * symmetric ciphers, NO signature algorithms or key encipherment algorithms. * * "poolp" - arena pool to create the S/MIME capabilities data on * "dest" - SECItem to put the data in */ SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest) { NSSSMIMECapability *cap; NSSSMIMECapability **smime_capabilities; smime_cipher_map_entry *map; SECOidData *oiddata; SECItem *dummy; int i, capIndex; /* if we have an old NSSSMIMECapability array, we'll reuse it (has the right size) */ /* smime_cipher_map_count + 1 is an upper bound - we might end up with less */ smime_capabilities = (NSSSMIMECapability **)PORT_ZAlloc((smime_cipher_map_count + 1) * sizeof(NSSSMIMECapability *)); if (smime_capabilities == NULL) return SECFailure; capIndex = 0; /* Add all the symmetric ciphers * We walk the cipher list backwards, as it is ordered by increasing strength, * we prefer the stronger cipher over a weaker one, and we have to list the * preferred algorithm first */ for (i = smime_cipher_map_count - 1; i >= 0; i--) { /* Find the corresponding entry in the cipher map. */ map = &(smime_cipher_map[i]); if (!map->enabled) continue; /* get next SMIME capability */ cap = (NSSSMIMECapability *)PORT_ZAlloc(sizeof(NSSSMIMECapability)); if (cap == NULL) break; smime_capabilities[capIndex++] = cap; oiddata = SECOID_FindOIDByTag(map->algtag); if (oiddata == NULL) break; cap->capabilityID.data = oiddata->oid.data; cap->capabilityID.len = oiddata->oid.len; cap->parameters.data = map->parms ? map->parms->data : NULL; cap->parameters.len = map->parms ? map->parms->len : 0; cap->cipher = smime_cipher_map[i].cipher; } /* XXX add signature algorithms */ /* XXX add key encipherment algorithms */ smime_capabilities[capIndex] = NULL; /* last one - now encode */ dummy = SEC_ASN1EncodeItem(poolp, dest, &smime_capabilities, NSSSMIMECapabilitiesTemplate); /* now that we have the proper encoded SMIMECapabilities (or not), * free the work data */ for (i = 0; smime_capabilities[i] != NULL; i++) PORT_Free(smime_capabilities[i]); PORT_Free(smime_capabilities); return (dummy == NULL) ? SECFailure : SECSuccess; }
int generate_algorithm_id(cms_context *ctx, SECAlgorithmID *idp, SECOidTag tag) { SECAlgorithmID id; if (!idp) return -1; SECOidData *oiddata; oiddata = SECOID_FindOIDByTag(tag); if (!oiddata) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return -1; } if (SECITEM_CopyItem(ctx->arena, &id.algorithm, &oiddata->oid)) return -1; SECITEM_AllocItem(ctx->arena, &id.parameters, 2); if (id.parameters.data == NULL) goto err; id.parameters.data[0] = SEC_ASN1_NULL; id.parameters.data[1] = 0; id.parameters.type = siBuffer; memcpy(idp, &id, sizeof (id)); return 0; err: SECITEM_FreeItem(&id.algorithm, PR_FALSE); return -1; }
static SECStatus SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp) { unsigned char *oid; unsigned oidLen; unsigned char *cp; int maxLen; SECOidData *oidrec; oidrec = SECOID_FindOIDByTag(type); if (oidrec == NULL) return SECFailure; oid = oidrec->oid.data; oidLen = oidrec->oid.len; maxLen = cert_AVAOidTagToMaxLen(type); if (maxLen < 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen); if (cp == NULL) { return SECFailure; } it->len = oidLen; PORT_Memcpy(cp, oid, oidLen); *maxLenp = (unsigned)maxLen; return SECSuccess; }
/* turn an OID algorithm tag into a PKCS #11 mechanism. This allows us to * map OID's directly into the PKCS #11 mechanism we want to call. We find * this mapping in our standard OID table */ CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag) { SECOidData *oid = SECOID_FindOIDByTag(algTag); if (oid) return (CK_MECHANISM_TYPE) oid->mechanism; return CKM_INVALID_MECHANISM; }
UniqueSECKEYPublicKey CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData, const nsNSSShutDownPreventionLock& /*proofOfLock*/) { UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); if (!arena) { return nullptr; } SECItem spkiItem = { siBuffer, nullptr, 0 }; if (!aKeyData.ToSECItem(arena.get(), &spkiItem)) { return nullptr; } UniqueCERTSubjectPublicKeyInfo spki( SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem)); if (!spki) { return nullptr; } bool isECDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_EC_DH, &spki->algorithm.algorithm); bool isDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_DH_KEY_AGREEMENT, &spki->algorithm.algorithm); // Check for |id-ecDH| and |dhKeyAgreement|. Per the WebCrypto spec we must // support these OIDs but NSS does unfortunately not know about them. Let's // change the algorithm to |id-ecPublicKey| or |dhPublicKey| to make NSS happy. if (isECDHAlgorithm || isDHAlgorithm) { SECOidTag oid = SEC_OID_UNKNOWN; if (isECDHAlgorithm) { oid = SEC_OID_ANSIX962_EC_PUBLIC_KEY; } else if (isDHAlgorithm) { oid = SEC_OID_X942_DIFFIE_HELMAN_KEY; } else { MOZ_ASSERT(false); } SECOidData* oidData = SECOID_FindOIDByTag(oid); if (!oidData) { return nullptr; } SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm, &oidData->oid); if (rv != SECSuccess) { return nullptr; } } UniqueSECKEYPublicKey tmp(SECKEY_ExtractPublicKey(spki.get())); if (!tmp.get() || !PublicKeyValid(tmp.get())) { return nullptr; } return UniqueSECKEYPublicKey(SECKEY_CopyPublicKey(tmp.get())); }
static CK_MECHANISM_TYPE crmf_get_pad_mech_from_tag(SECOidTag oidTag) { CK_MECHANISM_TYPE mechType; SECOidData *oidData; oidData = SECOID_FindOIDByTag(oidTag); mechType = (CK_MECHANISM_TYPE)oidData->mechanism; return PK11_GetPadMechanism(mechType); }
static SECStatus crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag, CRMFControl **destControl) { SECOidData *oidData; SECStatus rv; PRArenaPool *poolp; int numControls = 0; CRMFControl *newControl; CRMFControl **controls; void *mark; poolp = inCertReq->poolp; if (poolp == NULL) { return SECFailure; } mark = PORT_ArenaMark(poolp); if (inCertReq->controls != NULL) { while (inCertReq->controls[numControls] != NULL) numControls++; } rv = crmf_modify_control_array(inCertReq, numControls); if (rv != SECSuccess) { goto loser; } controls = inCertReq->controls; oidData = SECOID_FindOIDByTag(inTag); newControl = *destControl = PORT_ArenaZNew(poolp,CRMFControl); if (newControl == NULL) { goto loser; } rv = SECITEM_CopyItem(poolp, &newControl->derTag, &oidData->oid); if (rv != SECSuccess) { goto loser; } newControl->tag = inTag; controls[numControls] = newControl; controls[numControls+1] = NULL; PORT_ArenaUnmark(poolp, mark); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); *destControl = NULL; return SECFailure; }
static SECStatus OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECItem *sig, SECAlgorithmID *sigAlgorithm) { SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag, NULL); if (cx == NULL) return SECFailure; sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; sigAlgTag = sigAlgOid->offset; if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); if ( oiddata ) { printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); } else { SECU_PrintAsHex(stdout, &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); } } rv = VFY_Begin(cx); if (rv == SECSuccess) { rv = VFY_Update(cx, buf, len); if (rv == SECSuccess) rv = VFY_End(cx); } VFY_DestroyContext(cx, PR_TRUE); return rv; }
/* * SecCmsAttributeCreate - create an attribute * * if value is NULL, the attribute won't have a value. It can be added later * with SecCmsAttributeAddValue. */ SecCmsAttribute * SecCmsAttributeCreate(PRArenaPool *poolp, SECOidTag oidtag, CSSM_DATA_PTR value, Boolean encoded) { SecCmsAttribute *attr; CSSM_DATA_PTR copiedvalue; void *mark; PORT_Assert (poolp != NULL); mark = PORT_ArenaMark (poolp); attr = (SecCmsAttribute *)PORT_ArenaZAlloc(poolp, sizeof(SecCmsAttribute)); if (attr == NULL) goto loser; attr->typeTag = SECOID_FindOIDByTag(oidtag); if (attr->typeTag == NULL) goto loser; if (SECITEM_CopyItem(poolp, &(attr->type), &(attr->typeTag->oid)) != SECSuccess) goto loser; if (value != NULL) { if ((copiedvalue = SECITEM_AllocItem(poolp, NULL, (unsigned int)value->Length)) == NULL) goto loser; if (SECITEM_CopyItem(poolp, copiedvalue, value) != SECSuccess) goto loser; SecCmsArrayAdd(poolp, (void ***)&(attr->values), (void *)copiedvalue); } attr->encoded = encoded; PORT_ArenaUnmark (poolp, mark); return attr; loser: PORT_Assert (mark != NULL); PORT_ArenaRelease (poolp, mark); return NULL; }
SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena, const namedGroupDef *ecGroup, SECKEYECParams *params) { SECOidData *oidData = NULL; PRUint32 policyFlags = 0; SECStatus rv; if (!params) { PORT_Assert(0); PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (!ecGroup || ecGroup->type != group_type_ec || (oidData = SECOID_FindOIDByTag(ecGroup->oidTag)) == NULL) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } rv = NSS_GetAlgorithmPolicy(ecGroup->oidTag, &policyFlags); if (rv == SECSuccess && !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } if (SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)) == NULL) { PORT_SetError(SEC_ERROR_NO_MEMORY); return SECFailure; } /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; params->data[1] = oidData->oid.len; memcpy(params->data + 2, oidData->oid.data, oidData->oid.len); return SECSuccess; }
static void nss_ecp_calc_secret(const struct dh_desc *group, SECKEYPrivateKey **privk, SECKEYPublicKey **pubk, uint8_t *ke, size_t sizeof_ke) { passert(sizeof_ke == group->bytes); /* * Get the PK11 formatted EC parameters (stored in static * data) from NSS. */ DBG(DBG_CRYPT, DBG_log("oid %d %x", group->nss_oid, group->nss_oid)); SECOidData *pk11_data = SECOID_FindOIDByTag(group->nss_oid); if (pk11_data == NULL) { PASSERT_FAIL("Lookup of OID %d for EC group %s parameters failed", group->nss_oid, group->common.name); } LSWDBGP(DBG_CRYPT, buf) { lswlogs(buf, "pk11_data->oid: "); lswlog_nss_secitem(buf, &pk11_data->oid); }
/* * NSS_CMSAttribute_Create - create an attribute * * if value is NULL, the attribute won't have a value. It can be added later * with NSS_CMSAttribute_AddValue. */ NSSCMSAttribute * NSS_CMSAttribute_Create(PRArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded) { NSSCMSAttribute *attr; SECItem *copiedvalue; void *mark; PORT_Assert (poolp != NULL); mark = PORT_ArenaMark (poolp); attr = (NSSCMSAttribute *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSAttribute)); if (attr == NULL) goto loser; attr->typeTag = SECOID_FindOIDByTag(oidtag); if (attr->typeTag == NULL) goto loser; if (SECITEM_CopyItem(poolp, &(attr->type), &(attr->typeTag->oid)) != SECSuccess) goto loser; if (value != NULL) { if ((copiedvalue = SECITEM_ArenaDupItem(poolp, value)) == NULL) goto loser; if (NSS_CMSArray_Add(poolp, (void ***)&(attr->values), (void *)copiedvalue) != SECSuccess) goto loser; } attr->encoded = encoded; PORT_ArenaUnmark (poolp, mark); return attr; loser: PORT_Assert (mark != NULL); PORT_ArenaRelease (poolp, mark); return NULL; }
/* * FUNCTION: PKIX_PL_OID_Create (see comments in pkix_pl_system.h) */ PKIX_Error * PKIX_PL_OID_Create( SECOidTag idtag, PKIX_PL_OID **pOID, void *plContext) { SECOidData *oidData = NULL; PKIX_ENTER(OID, "PKIX_PL_OID_Create"); PKIX_NULLCHECK_ONE(pOID); oidData = SECOID_FindOIDByTag((SECOidTag)idtag); if (!oidData) { PKIX_ERROR(PKIX_SECOIDFINDOIDTAGDESCRIPTIONFAILED); } pkixErrorResult = PKIX_PL_OID_CreateBySECItem(&oidData->oid, pOID, plContext); cleanup: PKIX_RETURN(OID); }
SECStatus NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd) { SECStatus rv; if (!sigd) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } rv = NSS_CMSContentInfo_Private_Init(&sigd->contentInfo); if (rv != SECSuccess) { return SECFailure; } /* handle issue with Windows 2003 servers and kerberos */ if (sigd->digestAlgorithms != NULL) { int i; for (i=0; sigd->digestAlgorithms[i] != NULL; i++) { SECAlgorithmID *algid = sigd->digestAlgorithms[i]; SECOidTag senttag= SECOID_FindOIDTag(&algid->algorithm); SECOidTag maptag = NSS_CMSUtil_MapSignAlgs(senttag); if (maptag != senttag) { SECOidData *hashoid = SECOID_FindOIDByTag(maptag); rv = SECITEM_CopyItem(sigd->cmsg->poolp, &algid->algorithm ,&hashoid->oid); if (rv != SECSuccess) { return rv; } } } } /* set up the digests */ if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) { /* if digests are already there, do nothing */ sigd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms); if (sigd->contentInfo.privateInfo->digcx == NULL) return SECFailure; } return SECSuccess; }
nsresult nsCertOverrideService::Init() { if (!mSettingsTable.Init()) return NS_ERROR_OUT_OF_MEMORY; mOidTagForStoringNewHashes = SEC_OID_SHA256; SECOidData *od = SECOID_FindOIDByTag(mOidTagForStoringNewHashes); if (!od) return NS_ERROR_FAILURE; char *dotted_oid = CERT_GetOidString(&od->oid); if (!dotted_oid) return NS_ERROR_FAILURE; mDottedOidForStoringNewHashes = dotted_oid; PR_smprintf_free(dotted_oid); // cache mSettingsFile NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, getter_AddRefs(mSettingsFile)); if (mSettingsFile) { mSettingsFile->AppendNative(NS_LITERAL_CSTRING(kCertOverrideFileName)); } Read(); nsresult rv; NS_WITH_ALWAYS_PROXIED_SERVICE(nsIObserverService, mObserverService, "@mozilla.org/observer-service;1", NS_PROXY_TO_MAIN_THREAD, &rv); if (mObserverService) { mObserverService->AddObserver(this, "profile-before-change", PR_TRUE); mObserverService->AddObserver(this, "profile-do-change", PR_TRUE); mObserverService->AddObserver(this, "shutdown-cleanse", PR_TRUE); } return NS_OK; }
bool CertIsAuthoritativeForEVPolicy(const CERTCertificate* cert, const mozilla::pkix::CertPolicyId& policy) { PR_ASSERT(cert); if (!cert) { return false; } for (size_t iEV = 0; iEV < PR_ARRAY_SIZE(myTrustedEVInfos); ++iEV) { nsMyTrustedEVInfo& entry = myTrustedEVInfos[iEV]; if (entry.cert && CERT_CompareCerts(cert, entry.cert)) { const SECOidData* oidData = SECOID_FindOIDByTag(entry.oid_tag); if (oidData && oidData->oid.len == policy.numBytes && !memcmp(oidData->oid.data, policy.bytes, policy.numBytes)) { return true; } } } return false; }
SECKEYECParams * decode_ec_params(const char *curve) { SECKEYECParams *ecparams; SECOidData *oidData = nullptr; SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ int i, numCurves; if (curve && *curve) { numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); i++) { if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) curveOidTag = nameTagPair[i].curveOidTag; } } /* Return nullptr if curve name is not recognized */ if ((curveOidTag == SEC_OID_UNKNOWN) || (oidData = SECOID_FindOIDByTag(curveOidTag)) == nullptr) { return nullptr; } ecparams = SECITEM_AllocItem(nullptr, nullptr, (2 + oidData->oid.len)); if (!ecparams) return nullptr; /* * ecparams->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ ecparams->data[0] = SEC_ASN1_OBJECT_ID; ecparams->data[1] = oidData->oid.len; memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); return ecparams; }
/* * SecCmsAttributeArrayFindAttrByOidTag - look through a set of attributes and * find one that matches the specified object ID. * * If "only" is true, then make sure that there is not more than one attribute * of the same type. Otherwise, just return the first one found. (XXX Does * anybody really want that first-found behavior? It was like that when I found it...) */ SecCmsAttribute * SecCmsAttributeArrayFindAttrByOidTag(SecCmsAttribute **attrs, SECOidTag oidtag, Boolean only) { SECOidData *oid; SecCmsAttribute *attr1, *attr2; if (attrs == NULL) return NULL; oid = SECOID_FindOIDByTag(oidtag); if (oid == NULL) return NULL; while ((attr1 = *attrs++) != NULL) { if (attr1->type.Length == oid->oid.Length && PORT_Memcmp (attr1->type.Data, oid->oid.Data, oid->oid.Length) == 0) break; } if (attr1 == NULL) return NULL; if (!only) return attr1; while ((attr2 = *attrs++) != NULL) { if (attr2->type.Length == oid->oid.Length && PORT_Memcmp (attr2->type.Data, oid->oid.Data, oid->oid.Length) == 0) break; } if (attr2 != NULL) return NULL; return attr1; }
/* * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and * find one that matches the specified object ID. * * If "only" is true, then make sure that there is not more than one attribute * of the same type. Otherwise, just return the first one found. (XXX Does * anybody really want that first-found behavior? It was like that when I found it...) */ NSSCMSAttribute * NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only) { SECOidData *oid; NSSCMSAttribute *attr1, *attr2; if (attrs == NULL) return NULL; oid = SECOID_FindOIDByTag(oidtag); if (oid == NULL) return NULL; while ((attr1 = *attrs++) != NULL) { if (attr1->type.len == oid->oid.len && PORT_Memcmp (attr1->type.data, oid->oid.data, oid->oid.len) == 0) break; } if (attr1 == NULL) return NULL; if (!only) return attr1; while ((attr2 = *attrs++) != NULL) { if (attr2->type.len == oid->oid.len && PORT_Memcmp (attr2->type.data, oid->oid.data, oid->oid.len) == 0) break; } if (attr2 != NULL) return NULL; return attr1; }
static SECStatus ecName2params(ECCurveName curve, SECKEYECParams *params) { SECOidData *oidData = NULL; if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve) || ((oidData = SECOID_FindOIDByTag(ecCurve_oid_map[curve])) == NULL)) { PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); return SECFailure; } SECITEM_AllocItem(NULL, params, (2 + oidData->oid.len)); /* * params->data needs to contain the ASN encoding of an object ID (OID) * representing the named curve. The actual OID is in * oidData->oid.data so we simply prepend 0x06 and OID length */ params->data[0] = SEC_ASN1_OBJECT_ID; params->data[1] = oidData->oid.len; memcpy(params->data + 2, oidData->oid.data, oidData->oid.len); return SECSuccess; }