Chromium Code Reviews Chromium Code Reviews
Issue 13898013:
Update NSS to NSS_3_15_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/| OLD | NEW |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 #include "plarena.h" | 5 #include "plarena.h" |
| 6 #include "seccomon.h" | 6 #include "seccomon.h" |
| 7 #include "secitem.h" | 7 #include "secitem.h" |
| 8 #include "secoidt.h" | 8 #include "secoidt.h" |
| 9 #include "secasn1.h" | 9 #include "secasn1.h" |
| 10 #include "secder.h" | 10 #include "secder.h" |
| (...skipping 668 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 679 first->l.prev = &(current->l); | 679 first->l.prev = &(current->l); |
| 680 /* TODO: unmark arena */ | 680 /* TODO: unmark arena */ |
| 681 return first; | 681 return first; |
| 682 loser: | 682 loser: |
| 683 /* TODO: release arena back to mark */ | 683 /* TODO: release arena back to mark */ |
| 684 return NULL; | 684 return NULL; |
| 685 } | 685 } |
| 686 | 686 |
| 687 CERTNameConstraints * | 687 CERTNameConstraints * |
| 688 cert_DecodeNameConstraints(PRArenaPool *reqArena, | 688 cert_DecodeNameConstraints(PRArenaPool *reqArena, |
| 689 » » » SECItem *encodedConstraints) | 689 » » » const SECItem *encodedConstraints) |
| 690 { | 690 { |
| 691 CERTNameConstraints *constraints; | 691 CERTNameConstraints *constraints; |
| 692 SECStatus rv; | 692 SECStatus rv; |
| 693 SECItem* newEncodedConstraints; | 693 SECItem* newEncodedConstraints; |
| 694 | 694 |
| 695 if (!reqArena) { | 695 if (!reqArena) { |
| 696 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 696 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 697 return NULL; | 697 return NULL; |
| 698 } | 698 } |
| 699 PORT_Assert(encodedConstraints); | 699 PORT_Assert(encodedConstraints); |
| (...skipping 357 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1057 CERTGeneralName * | 1057 CERTGeneralName * |
| 1058 CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena) | 1058 CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena) |
| 1059 { | 1059 { |
| 1060 return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE); | 1060 return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE); |
| 1061 } | 1061 } |
| 1062 | 1062 |
| 1063 /* This function is called by CERT_VerifyCertChain to extract all | 1063 /* This function is called by CERT_VerifyCertChain to extract all |
| 1064 ** names from a cert in preparation for a name constraints test. | 1064 ** names from a cert in preparation for a name constraints test. |
| 1065 */ | 1065 */ |
| 1066 CERTGeneralName * | 1066 CERTGeneralName * |
| 1067 CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PRArenaPool *arena, | 1067 CERT_GetConstrainedCertificateNames(const CERTCertificate *cert, |
| 1068 PRArenaPool *arena, | |
| 1068 PRBool includeSubjectCommonName) | 1069 PRBool includeSubjectCommonName) |
| 1069 { | 1070 { |
| 1070 CERTGeneralName *DN; | 1071 CERTGeneralName *DN; |
| 1071 CERTGeneralName *SAN; | 1072 CERTGeneralName *SAN; |
| 1072 PRUint32 numDNSNames = 0; | 1073 PRUint32 numDNSNames = 0; |
| 1073 SECStatus rv; | 1074 SECStatus rv; |
| 1074 | 1075 |
| 1075 if (!arena) { | 1076 if (!arena) { |
| 1076 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1077 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1077 return NULL; | 1078 return NULL; |
| (...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1333 | 1334 |
| 1334 /* This function takes one name, and a list of constraints. | 1335 /* This function takes one name, and a list of constraints. |
| 1335 ** It searches the constraints looking for a match. | 1336 ** It searches the constraints looking for a match. |
| 1336 ** It returns SECSuccess if the name satisfies the constraints, i.e., | 1337 ** It returns SECSuccess if the name satisfies the constraints, i.e., |
| 1337 ** if excluded, then the name does not match any constraint, | 1338 ** if excluded, then the name does not match any constraint, |
| 1338 ** if permitted, then the name matches at least one constraint. | 1339 ** if permitted, then the name matches at least one constraint. |
| 1339 ** It returns SECFailure if the name fails to satisfy the constraints, | 1340 ** It returns SECFailure if the name fails to satisfy the constraints, |
| 1340 ** or if some code fails (e.g. out of memory, or invalid constraint) | 1341 ** or if some code fails (e.g. out of memory, or invalid constraint) |
| 1341 */ | 1342 */ |
| 1342 SECStatus | 1343 SECStatus |
| 1343 cert_CompareNameWithConstraints(CERTGeneralName *name, | 1344 cert_CompareNameWithConstraints(const CERTGeneralName *name, |
| 1344 » » » » CERTNameConstraint *constraints, | 1345 » » » » const CERTNameConstraint *constraints, |
| 1345 PRBool excluded) | 1346 PRBool excluded) |
| 1346 { | 1347 { |
| 1347 SECStatus rv = SECSuccess; | 1348 SECStatus rv = SECSuccess; |
| 1348 SECStatus matched = SECFailure; | 1349 SECStatus matched = SECFailure; |
| 1349 CERTNameConstraint *current; | 1350 const CERTNameConstraint *current; |
| 1350 | 1351 |
| 1351 PORT_Assert(constraints); /* caller should not call with NULL */ | 1352 PORT_Assert(constraints); /* caller should not call with NULL */ |
| 1352 if (!constraints) { | 1353 if (!constraints) { |
| 1353 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 1354 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1354 return SECFailure; | 1355 return SECFailure; |
| 1355 } | 1356 } |
| 1356 | 1357 |
| 1357 current = constraints; | 1358 current = constraints; |
| 1358 do { | 1359 do { |
| 1359 rv = SECSuccess; | 1360 rv = SECSuccess; |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1457 case certRegisterID: /* type 9 */ | 1458 case certRegisterID: /* type 9 */ |
| 1458 matched = excluded ? SECFailure : SECSuccess; | 1459 matched = excluded ? SECFailure : SECSuccess; |
| 1459 break; | 1460 break; |
| 1460 | 1461 |
| 1461 default: /* non-standard types are not supported */ | 1462 default: /* non-standard types are not supported */ |
| 1462 rv = SECFailure; | 1463 rv = SECFailure; |
| 1463 break; | 1464 break; |
| 1464 } | 1465 } |
| 1465 if (matched == SECSuccess || rv != SECSuccess) | 1466 if (matched == SECSuccess || rv != SECSuccess) |
| 1466 break; | 1467 break; |
| 1467 » current = CERT_GetNextNameConstraint(current); | 1468 » current = CERT_GetNextNameConstraint((CERTNameConstraint*)current); |
|
wtc
2013/04/24 22:49:45
I verified this "const cast" is fine.
| |
| 1468 } while (current != constraints); | 1469 } while (current != constraints); |
| 1469 if (rv == SECSuccess) { | 1470 if (rv == SECSuccess) { |
| 1470 if (matched == SECSuccess) | 1471 if (matched == SECSuccess) |
| 1471 rv = excluded ? SECFailure : SECSuccess; | 1472 rv = excluded ? SECFailure : SECSuccess; |
| 1472 else | 1473 else |
| 1473 rv = excluded ? SECSuccess : SECFailure; | 1474 rv = excluded ? SECSuccess : SECFailure; |
| 1474 return rv; | 1475 return rv; |
| 1475 } | 1476 } |
| 1476 | 1477 |
| 1477 return SECFailure; | 1478 return SECFailure; |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1558 } | 1559 } |
| 1559 | 1560 |
| 1560 return rv; | 1561 return rv; |
| 1561 } | 1562 } |
| 1562 | 1563 |
| 1563 /* Verify name against all the constraints relevant to that type of | 1564 /* Verify name against all the constraints relevant to that type of |
| 1564 ** the name. | 1565 ** the name. |
| 1565 */ | 1566 */ |
| 1566 SECStatus | 1567 SECStatus |
| 1567 CERT_CheckNameSpace(PRArenaPool *arena, | 1568 CERT_CheckNameSpace(PRArenaPool *arena, |
| 1568 CERTNameConstraints *constraints, | 1569 const CERTNameConstraints *constraints, |
| 1569 CERTGeneralName *currentName) | 1570 const CERTGeneralName *currentName) |
| 1570 { | 1571 { |
| 1571 CERTNameConstraint *matchingConstraints; | 1572 CERTNameConstraint *matchingConstraints; |
| 1572 SECStatus rv = SECSuccess; | 1573 SECStatus rv = SECSuccess; |
| 1573 | 1574 |
| 1574 if (constraints->excluded != NULL) { | 1575 if (constraints->excluded != NULL) { |
| 1575 rv = CERT_GetNameConstraintByType(constraints->excluded, | 1576 rv = CERT_GetNameConstraintByType(constraints->excluded, |
| 1576 currentName->type, | 1577 currentName->type, |
| 1577 &matchingConstraints, arena); | 1578 &matchingConstraints, arena); |
| 1578 if (rv == SECSuccess && matchingConstraints != NULL) { | 1579 if (rv == SECSuccess && matchingConstraints != NULL) { |
| 1579 rv = cert_CompareNameWithConstraints(currentName, | 1580 rv = cert_CompareNameWithConstraints(currentName, |
| (...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1852 break; | 1853 break; |
| 1853 } | 1854 } |
| 1854 list->name = cert_CombineNamesLists(list->name, name); | 1855 list->name = cert_CombineNamesLists(list->name, name); |
| 1855 list->len++; | 1856 list->len++; |
| 1856 done: | 1857 done: |
| 1857 PZ_Unlock(list->lock); | 1858 PZ_Unlock(list->lock); |
| 1858 } | 1859 } |
| 1859 return; | 1860 return; |
| 1860 } | 1861 } |
| 1861 #endif | 1862 #endif |
| OLD | NEW |
