ocspCertStatus* ocsp_CreateCertStatus(PLArenaPool *arena, ocspCertStatusType status, PRTime revocationTime) { ocspCertStatus *cs; if (!arena) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } switch (status) { case ocspCertStatus_good: case ocspCertStatus_unknown: case ocspCertStatus_revoked: break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } cs = PORT_ArenaZNew(arena, ocspCertStatus); if (!cs) return NULL; cs->certStatusType = status; switch (status) { case ocspCertStatus_good: cs->certStatusInfo.goodInfo = SECITEM_AllocItem(arena, NULL, 0); if (!cs->certStatusInfo.goodInfo) return NULL; break; case ocspCertStatus_unknown: cs->certStatusInfo.unknownInfo = SECITEM_AllocItem(arena, NULL, 0); if (!cs->certStatusInfo.unknownInfo) return NULL; break; case ocspCertStatus_revoked: cs->certStatusInfo.revokedInfo = PORT_ArenaZNew(arena, ocspRevokedInfo); if (!cs->certStatusInfo.revokedInfo) return NULL; cs->certStatusInfo.revokedInfo->revocationReason = SECITEM_AllocItem(arena, NULL, 0); if (!cs->certStatusInfo.revokedInfo->revocationReason) return NULL; if (DER_TimeToGeneralizedTimeArena(arena, &cs->certStatusInfo.revokedInfo->revocationTime, revocationTime) != SECSuccess) return NULL; break; default: PORT_Assert(PR_FALSE); } return cs; }
SECStatus crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, SECAlgorithmID *srcAlgId, SECAlgorithmID **destAlgId) { SECAlgorithmID *newAlgId; SECStatus rv; newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) : PORT_ZNew(SECAlgorithmID); if (newAlgId == NULL) { return SECFailure; } rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId); if (rv != SECSuccess) { if (!poolp) { SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE); } return rv; } *destAlgId = newAlgId; return rv; }
SECKEYPublicKey* CreateECPublicKey(const SECItem* aKeyData, const nsString& aNamedCurve) { ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); if (!arena) { return nullptr; } SECKEYPublicKey* key = PORT_ArenaZNew(arena, SECKEYPublicKey); if (!key) { return nullptr; } key->keyType = ecKey; key->pkcs11Slot = nullptr; key->pkcs11ID = CK_INVALID_HANDLE; // Create curve parameters. SECItem* params = CreateECParamsForCurve(aNamedCurve, arena); if (!params) { return nullptr; } key->u.ec.DEREncodedParams = *params; // Set public point. key->u.ec.publicValue = *aKeyData; // Ensure the given point is on the curve. if (!CryptoKey::PublicKeyValid(key)) { return nullptr; } return SECKEY_CopyPublicKey(key); }
static SECStatus cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest, CMMFCertOrEncCert *src) { SECStatus rv = SECSuccess; CRMFEncryptedValue *encVal; dest->choice = src->choice; rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue); switch (src->choice) { case cmmfCertificate: dest->cert.certificate = CERT_DupCertificate(src->cert.certificate); break; case cmmfEncryptedCert: encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue); if (encVal == NULL) { return SECFailure; } rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal); if (rv != SECSuccess) { if (!poolp) { crmf_destroy_encrypted_value(encVal, PR_TRUE); } return rv; } dest->cert.encryptedCert = encVal; break; default: rv = SECFailure; } return rv; }
SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey** privk, void *wincx) { SECKEYPrivateKeyInfo *pki = NULL; PRArenaPool *temparena = NULL; SECStatus rv = SECFailure; temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!temparena) return rv; pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo); if (!pki) { PORT_FreeArena(temparena, PR_FALSE); return rv; } pki->arena = temparena; rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); if( rv != SECSuccess ) { goto finish; } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, publicValue, isPerm, isPrivate, keyUsage, privk, wincx); finish: /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; }
SECKEYPublicKey* CryptoKey::PublicDhKeyFromRaw(CryptoBuffer& aKeyData, const CryptoBuffer& aPrime, const CryptoBuffer& aGenerator, const nsNSSShutDownPreventionLock& /*proofOfLock*/) { ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); if (!arena) { return nullptr; } SECKEYPublicKey* key = PORT_ArenaZNew(arena, SECKEYPublicKey); if (!key) { return nullptr; } key->keyType = dhKey; key->pkcs11Slot = nullptr; key->pkcs11ID = CK_INVALID_HANDLE; // Set DH public key params. if (!aPrime.ToSECItem(arena, &key->u.dh.prime) || !aGenerator.ToSECItem(arena, &key->u.dh.base) || !aKeyData.ToSECItem(arena, &key->u.dh.publicValue)) { return nullptr; } key->u.dh.prime.type = siUnsignedInteger; key->u.dh.base.type = siUnsignedInteger; key->u.dh.publicValue.type = siUnsignedInteger; return SECKEY_CopyPublicKey(key); }
SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, CERTName *src) { CERTName *newName; SECStatus rv; void *mark; mark = PORT_ArenaMark(poolp); *dest = newName = PORT_ArenaZNew(poolp, CERTName); if (newName == NULL) { goto loser; } rv = CERT_CopyName(poolp, newName, src); if (rv != SECSuccess) { goto loser; } PORT_ArenaUnmark(poolp, mark); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); *dest = NULL; return SECFailure; }
CERTPrivKeyUsagePeriod * CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue) { SECStatus rv; CERTPrivKeyUsagePeriod *pPeriod; SECItem newExtnValue; /* allocate the certificate policies structure */ pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod); if ( pPeriod == NULL ) { goto loser; } pPeriod->arena = arena; /* copy the DER into the arena, since Quick DER returns data that points into the DER input, which may get freed by the caller */ rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); if ( rv != SECSuccess ) { goto loser; } rv = SEC_QuickDERDecodeItem(arena, pPeriod, CERTPrivateKeyUsagePeriodTemplate, &newExtnValue); if ( rv != SECSuccess ) { goto loser; } return pPeriod; loser: return NULL; }
SECStatus crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest, SECAlgorithmID* src) { SECStatus rv; void *mark = NULL; SECAlgorithmID *mySecAlg; if (!poolp) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } mark = PORT_ArenaMark(poolp); *dest = mySecAlg = PORT_ArenaZNew(poolp, SECAlgorithmID); if (mySecAlg == NULL) { goto loser; } rv = SECOID_CopyAlgorithmID(poolp, mySecAlg, src); if (rv != SECSuccess) { goto loser; } if (mark) { PORT_ArenaUnmark(poolp, mark); } return SECSuccess; loser: *dest = NULL; if (mark) { PORT_ArenaRelease(poolp, mark); } return SECFailure; }
SECStatus crmf_template_add_public_key(PLArenaPool *poolp, CERTSubjectPublicKeyInfo **dest, CERTSubjectPublicKeyInfo *pubKey) { CERTSubjectPublicKeyInfo *spki; SECStatus rv; *dest = spki = (poolp == NULL) ? PORT_ZNew(CERTSubjectPublicKeyInfo) : PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo); if (spki == NULL) { goto loser; } rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey); if (rv != SECSuccess) { goto loser; } return SECSuccess; loser: if (poolp == NULL && spki != NULL) { SECKEY_DestroySubjectPublicKeyInfo(spki); } *dest = NULL; return SECFailure; }
CRMFCertRequest * CRMF_CreateCertRequest (PRUint32 inRequestID) { PLArenaPool *poolp; CRMFCertRequest *certReq; SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { goto loser; } certReq=PORT_ArenaZNew(poolp,CRMFCertRequest); if (certReq == NULL) { goto loser; } certReq->poolp = poolp; certReq->requestID = inRequestID; rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId), inRequestID); if (rv != SECSuccess) { goto loser; } return certReq; loser: if (poolp) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; }
SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest, CMMFCertifiedKeyPair *src) { SECStatus rv; rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert, &src->certOrEncCert); if (rv != SECSuccess) { return rv; } if (src->privateKey != NULL) { CRMFEncryptedValue *encVal; encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue); if (encVal == NULL) { return SECFailure; } rv = crmf_copy_encryptedvalue(poolp, src->privateKey, encVal); if (rv != SECSuccess) { if (!poolp) { crmf_destroy_encrypted_value(encVal, PR_TRUE); } return rv; } dest->privateKey = encVal; } rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo, &src->derPublicationInfo); return rv; }
CMMFPOPODecKeyRespContent* CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len) { PRArenaPool *poolp; CMMFPOPODecKeyRespContent *decKeyResp; SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { return NULL; } decKeyResp = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent); if (decKeyResp == NULL) { goto loser; } decKeyResp->poolp = poolp; rv = SEC_ASN1Decode(poolp, decKeyResp, CMMFPOPODecKeyRespContentTemplate, buf, len); if (rv != SECSuccess) { goto loser; } return decKeyResp; loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; }
/* * NSS_CMSEncryptedData_Create - create an empty encryptedData object. * * "algorithm" specifies the bulk encryption algorithm to use. * "keysize" is the key size. * * An error results in a return value of NULL and an error set. * (Retrieve specific errors via PORT_GetError()/XP_GetError().) */ NSSCMSEncryptedData * NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize) { void *mark; NSSCMSEncryptedData *encd; PLArenaPool *poolp; SECAlgorithmID *pbe_algid; SECStatus rv; poolp = cmsg->poolp; mark = PORT_ArenaMark(poolp); encd = PORT_ArenaZNew(poolp, NSSCMSEncryptedData); if (encd == NULL) goto loser; encd->cmsg = cmsg; /* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */ if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) { rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo), algorithm, NULL, keysize); } else { /* Assume password-based-encryption. * Note: we can't generate pkcs5v2 from this interface. * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting * non-PBE oids and assuming that they are pkcs5v2 oids, but * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular * CMS encrypted data, so we can't tell NSS_CMS_EncryptedData_Create * to create pkcs5v2 PBEs */ pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL); if (pbe_algid == NULL) { rv = SECFailure; } else { rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp, &(encd->contentInfo), pbe_algid, keysize); SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE); } } if (rv != SECSuccess) goto loser; PORT_ArenaUnmark(poolp, mark); return encd; loser: PORT_ArenaRelease(poolp, mark); return NULL; }
CERTDistNames * CERT_DistNamesFromCertList(CERTCertList *certList) { CERTDistNames *dnames = NULL; PLArenaPool *arena; CERTCertListNode *node = NULL; SECItem *names = NULL; int listLen = 0, i = 0; if (certList == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } node = CERT_LIST_HEAD(certList); while (!CERT_LIST_END(node, certList)) { listLen += 1; node = CERT_LIST_NEXT(node); } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) goto loser; dnames = PORT_ArenaZNew(arena, CERTDistNames); if (dnames == NULL) goto loser; dnames->arena = arena; dnames->nnames = listLen; dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen); if (names == NULL) goto loser; node = CERT_LIST_HEAD(certList); while (!CERT_LIST_END(node, certList)) { CERTCertificate *cert = node->cert; SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject); if (rv == SECFailure) { goto loser; } node = CERT_LIST_NEXT(node); } return dnames; loser: if (arena) { PORT_FreeArena(arena, PR_FALSE); } return NULL; }
static CRMFProofOfPossession * crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP) { CRMFProofOfPossession *newPOP; SECStatus rv; /* * Proof Of Possession structures are always part of the Request * message, so there will always be an arena for allocating memory. */ if (poolp == NULL) { return NULL; } newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession); if (newPOP == NULL) { return NULL; } switch (srcPOP->popUsed) { case crmfRAVerified: newPOP->popChoice.raVerified.data = NULL; newPOP->popChoice.raVerified.len = 0; break; case crmfSignature: rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature, &newPOP->popChoice.signature); if (rv != SECSuccess) { goto loser; } break; case crmfKeyEncipherment: case crmfKeyAgreement: /* We've got a union, so a pointer to one, is a pointer to the * other one. */ rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment, &newPOP->popChoice.keyEncipherment); if (rv != SECSuccess) { goto loser; } break; default: goto loser; } newPOP->popUsed = srcPOP->popUsed; return newPOP; loser: return NULL; }
static SECStatus cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent, long inRandom, SECItem *senderDER, SECKEYPublicKey *inPubKey, void *passwdArg) { SECOidData *oidData; CMMFChallenge *challenge; SECAlgorithmID *algId; PRArenaPool *poolp; SECStatus rv; oidData = SECOID_FindOIDByTag(SEC_OID_SHA1); if (oidData == NULL) { return SECFailure; } poolp = challContent->poolp; challenge = PORT_ArenaZNew(poolp, CMMFChallenge); if (challenge == NULL) { return SECFailure; } algId = challenge->owf = PORT_ArenaZNew(poolp, SECAlgorithmID); if (algId == NULL) { return SECFailure; } rv = SECITEM_CopyItem(poolp, &algId->algorithm, &oidData->oid); if (rv != SECSuccess) { return SECFailure; } rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom, senderDER, inPubKey, passwdArg); challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL; challContent->numChallenges++; return rv ; }
static SECStatus crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag, CRMFControl **destControl) { SECOidData *oidData; SECStatus rv; PRArenaPool *poolp; int numControls = 0; CRMFControl *newControl; CRMFControl **controls; void *mark; poolp = inCertReq->poolp; if (poolp == NULL) { return SECFailure; } mark = PORT_ArenaMark(poolp); if (inCertReq->controls != NULL) { while (inCertReq->controls[numControls] != NULL) numControls++; } rv = crmf_modify_control_array(inCertReq, numControls); if (rv != SECSuccess) { goto loser; } controls = inCertReq->controls; oidData = SECOID_FindOIDByTag(inTag); newControl = *destControl = PORT_ArenaZNew(poolp,CRMFControl); if (newControl == NULL) { goto loser; } rv = SECITEM_CopyItem(poolp, &newControl->derTag, &oidData->oid); if (rv != SECSuccess) { goto loser; } newControl->tag = inTag; controls[numControls] = newControl; controls[numControls+1] = NULL; PORT_ArenaUnmark(poolp, mark); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); *destControl = NULL; return SECFailure; }
SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, SECItem *nickname, SECItem *publicValue, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, void *wincx) { SECKEYPrivateKeyInfo *pki = NULL; PLArenaPool *temparena = NULL; SECStatus rv = SECFailure; temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!temparena) return rv; pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo); if (!pki) { PORT_FreeArena(temparena, PR_FALSE); return rv; } pki->arena = temparena; rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); if (rv != SECSuccess) { /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the * validity of the data in pki. The best we can do is free the arena * and return. */ PORT_FreeArena(temparena, PR_TRUE); return rv; } if (pki->privateKey.data == NULL) { /* If SEC_ASN1DecodeItems succeeds but SECKEYPrivateKeyInfo.privateKey * is a zero-length octet string, free the arena and return a failure * to avoid trying to zero the corresponding SECItem in * SECKEY_DestroyPrivateKeyInfo(). */ PORT_FreeArena(temparena, PR_TRUE); PORT_SetError(SEC_ERROR_BAD_KEY); return SECFailure; } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, publicValue, isPerm, isPrivate, keyUsage, privk, wincx); /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; }
SECStatus CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent, CMMFCertResponse **inCertResponses, int inNumResponses) { PLArenaPool *poolp; CMMFCertResponse **respArr, *newResp; void *mark; SECStatus rv; int i; PORT_Assert(inCertRepContent != NULL && inCertResponses != NULL && inNumResponses > 0); if (inCertRepContent == NULL || inCertResponses == NULL || inCertRepContent->response != NULL) { return SECFailure; } poolp = inCertRepContent->poolp; mark = PORT_ArenaMark(poolp); respArr = inCertRepContent->response = PORT_ArenaZNewArray(poolp, CMMFCertResponse *, (inNumResponses + 1)); if (respArr == NULL) { goto loser; } for (i = 0; i < inNumResponses; i++) { newResp = PORT_ArenaZNew(poolp, CMMFCertResponse); if (newResp == NULL) { goto loser; } rv = cmmf_CopyCertResponse(poolp, newResp, inCertResponses[i]); if (rv != SECSuccess) { goto loser; } respArr[i] = newResp; } respArr[inNumResponses] = NULL; PORT_ArenaUnmark(poolp, mark); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); return SECFailure; }
CMMFPOPODecKeyChallContent* CMMF_CreatePOPODecKeyChallContent (void) { PRArenaPool *poolp; CMMFPOPODecKeyChallContent *challContent; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { return NULL; } challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent); if (challContent == NULL) { PORT_FreeArena(poolp, PR_FALSE); return NULL; } challContent->poolp = poolp; return challContent; }
static CERTOCSPSingleResponse* ocsp_CreateSingleResponse(PLArenaPool *arena, CERTOCSPCertID *id, ocspCertStatus *status, PRTime thisUpdate, const PRTime *nextUpdate) { CERTOCSPSingleResponse *sr; if (!arena || !id || !status) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } sr = PORT_ArenaZNew(arena, CERTOCSPSingleResponse); if (!sr) return NULL; sr->arena = arena; sr->certID = id; sr->certStatus = status; if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate) != SECSuccess) return NULL; sr->nextUpdate = NULL; if (nextUpdate) { sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0); if (!sr->nextUpdate) return NULL; if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate) != SECSuccess) return NULL; } sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension*, 1); if (!sr->singleExtensions) return NULL; sr->singleExtensions[0] = NULL; if (!SEC_ASN1EncodeItem(arena, &sr->derCertStatus, status, ocsp_CertStatusTemplate)) return NULL; return sr; }
CERTAVA * CERT_CreateAVAFromRaw(PRArenaPool *pool, const SECItem * OID, const SECItem * value) { CERTAVA *ava; int rv; ava = PORT_ArenaZNew(pool, CERTAVA); if (ava) { rv = SECITEM_CopyItem(pool, &ava->type, OID); if (rv) return NULL; rv = SECITEM_CopyItem(pool, &ava->value, value); if (rv) return NULL; } return ava; }
/* return a new public key for NSS */ static SECKEYPublicKey* nss_key_create(KeyType ktype) { SECKEYPublicKey* key; PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(!arena) { log_err("out of memory, PORT_NewArena failed"); return NULL; } key = PORT_ArenaZNew(arena, SECKEYPublicKey); if(!key) { log_err("out of memory, PORT_ArenaZNew failed"); PORT_FreeArena(arena, PR_FALSE); return NULL; } key->arena = arena; key->keyType = ktype; key->pkcs11Slot = NULL; key->pkcs11ID = CK_INVALID_HANDLE; return key; }
CMMFKeyRecRepContent* CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf, long len) { PRArenaPool *poolp; CMMFKeyRecRepContent *keyRecContent; SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { return NULL; } keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent); if (keyRecContent == NULL) { goto loser; } keyRecContent->poolp = poolp; rv = SEC_ASN1Decode(poolp, keyRecContent, CMMFKeyRecRepContentTemplate, buf, len); if (rv != SECSuccess) { goto loser; } if (keyRecContent->keyPairHist != NULL) { while(keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) { rv = cmmf_decode_process_certified_key_pair(poolp, db, keyRecContent->keyPairHist[keyRecContent->numKeyPairs]); if (rv != SECSuccess) { goto loser; } keyRecContent->numKeyPairs++; } keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs; } keyRecContent->isDecoded = PR_TRUE; return keyRecContent; loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; }
CERTDistNames * CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames, int nnames) { CERTDistNames *dnames = NULL; PLArenaPool *arena; int i, rv; SECItem *names = NULL; CERTCertificate *cert = NULL; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) goto loser; dnames = PORT_ArenaZNew(arena, CERTDistNames); if (dnames == NULL) goto loser; dnames->arena = arena; dnames->nnames = nnames; dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames); if (names == NULL) goto loser; for (i = 0; i < nnames; i++) { cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]); if (cert == NULL) goto loser; rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject); if (rv == SECFailure) goto loser; CERT_DestroyCertificate(cert); } return dnames; loser: if (cert != NULL) CERT_DestroyCertificate(cert); if (arena != NULL) PORT_FreeArena(arena, PR_FALSE); return NULL; }
static SECStatus crmf_copy_poposigningkey(PLArenaPool *poolp, CRMFPOPOSigningKey *inPopoSignKey, CRMFPOPOSigningKey *destPopoSignKey) { SECStatus rv; /* We don't support use of the POPOSigningKeyInput, so we'll only * store away the DER encoding. */ if (inPopoSignKey->derInput.data != NULL) { rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput, &inPopoSignKey->derInput); } destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID) : PORT_ArenaZNew(poolp, SECAlgorithmID); if (destPopoSignKey->algorithmIdentifier == NULL) { goto loser; } rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier, inPopoSignKey->algorithmIdentifier); if (rv != SECSuccess) { goto loser; } rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature, &inPopoSignKey->signature); if (rv != SECSuccess) { goto loser; } return SECSuccess; loser: if (poolp == NULL) { CRMF_DestroyPOPOSigningKey(destPopoSignKey); } return SECFailure; }
static SECItem * crmf_decode_params(SECItem *inParams) { SECItem *params; SECStatus rv = SECFailure; PLArenaPool *poolp; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { return NULL; } params = PORT_ArenaZNew(poolp, SECItem); if (params) { rv = SEC_ASN1DecodeItem(poolp, params, SEC_ASN1_GET(SEC_OctetStringTemplate), inParams); } params = (rv == SECSuccess) ? SECITEM_ArenaDupItem(NULL, params) : NULL; PORT_FreeArena(poolp, PR_FALSE); return params; }
CMMFCertRepContent * CMMF_CreateCertRepContent(void) { CMMFCertRepContent *retCertRep; PLArenaPool *poolp; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { goto loser; } retCertRep = PORT_ArenaZNew(poolp, CMMFCertRepContent); if (retCertRep == NULL) { goto loser; } retCertRep->poolp = poolp; return retCertRep; loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; }
static SECStatus crmf_template_add_validity (PLArenaPool *poolp, CRMFOptionalValidity **dest, CRMFValidityCreationInfo *info) { SECStatus rv; void *mark; CRMFOptionalValidity *myValidity; /*First off, let's make sure at least one of the two fields is present*/ if (!info || (!info->notBefore && !info->notAfter)) { return SECFailure; } mark = PORT_ArenaMark (poolp); *dest = myValidity = PORT_ArenaZNew(poolp, CRMFOptionalValidity); if (myValidity == NULL) { goto loser; } if (info->notBefore) { rv = DER_EncodeTimeChoice (poolp, &myValidity->notBefore, *info->notBefore); if (rv != SECSuccess) { goto loser; } } if (info->notAfter) { rv = DER_EncodeTimeChoice (poolp, &myValidity->notAfter, *info->notAfter); if (rv != SECSuccess) { goto loser; } } PORT_ArenaUnmark(poolp, mark); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); *dest = NULL; return SECFailure; }