Allow NSS to be built with NO_NSPR_10_SUPPORT.

nss/lib/certhigh/ocsp.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * Implementation of OCSP services, for both client and server.
  * (XXX, really, mostly just for client right now, but intended to do both.)
  */
 
 #include "prerror.h"
@@ skipping 39 matching lines @@
     OCSPCacheItem *lessRecent;
 
     /* key */
     CERTOCSPCertID *certID;
     /* CertID's arena also used to allocate "this" cache item */
 
     /* cache control information */
     PRTime nextFetchAttemptTime;
 
     /* Cached contents. Use a separate arena, because lifetime is different */
-    PRArenaPool *certStatusArena; /* NULL means: no cert status cached */
+    PLArenaPool *certStatusArena; /* NULL means: no cert status cached */
     ocspCertStatus certStatus;
 
     /* This may contain an error code when no OCSP response is available. */
     SECErrorCodes missingResponseError;
 
     PRPackedBool haveThisUpdate;
     PRPackedBool haveNextUpdate;
     PRTime thisUpdate;
     PRTime nextUpdate;
 };
@@ skipping 23 matching lines @@
                   DEFAULT_OSCP_TIMEOUT_SECONDS,
                   {NULL, 0, NULL, NULL},
                   ocspMode_FailureIsVerificationFailure,
                   NULL
                 };
 
 
 
 /* Forward declarations */
 static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena, 
                                        CERTOCSPRequest *request,
-                                       const char *location, int64 time,
+                                       const char *location, PRTime time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest);
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
-                              int64 time, 
+                              PRTime time, 
                               void *pwArg,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp);
 
 static SECStatus
 ocsp_CacheEncodedOCSPResponse(CERTCertDBHandle *handle,
                               CERTOCSPCertID *certID,
                               CERTCertificate *cert,
-                              int64 time,
+                              PRTime time,
                               void *pwArg,
                               const SECItem *encodedResponse,
                               PRBool cacheInvalid,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp);
 
 static SECStatus
 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, 
                                         CERTOCSPResponse *response, 
                                         CERTOCSPCertID   *certID,
                                         CERTCertificate  *signerCert,
-                                        int64             time,
+                                        PRTime            time,
                                         CERTOCSPSingleResponse **pSingleResponse);
 
 static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time);
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time);
 
 static CERTOCSPCertID *
 cert_DupOCSPCertID(CERTOCSPCertID *src);
 
 #ifndef DEBUG
 #define OCSP_TRACE(msg)
 #define OCSP_TRACE_TIME(msg, time)
 #define OCSP_TRACE_CERT(cert)
 #define OCSP_TRACE_CERTID(certid)
 #else
@@ skipping 32 matching lines @@
   
     if (!wantOcspTrace())
         return;
     va_start(args, format);
     PR_vsnprintf(buf, sizeof(buf), format, args);
     va_end(args);
     PR_LogPrint("%s", buf);
 }
 
 static void
-ocsp_dumpStringWithTime(const char *str, int64 time)
+ocsp_dumpStringWithTime(const char *str, PRTime time)
 {
     PRExplodedTime timePrintable;
     char timestr[256];
 
     if (!wantOcspTrace())
         return;
     PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
     if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
         ocsp_Trace("OCSP %s %s\n", str, timestr);
     }
@@ skipping 20 matching lines @@
 
 static void
 dumpCertificate(CERTCertificate *cert)
 {
     if (!wantOcspTrace())
         return;
 
     ocsp_Trace("OCSP ----------------\n");
     ocsp_Trace("OCSP ## SUBJECT:  %s\n", cert->subjectName);
     {
-        int64 timeBefore, timeAfter;
+        PRTime timeBefore, timeAfter;
         PRExplodedTime beforePrintable, afterPrintable;
         char beforestr[256], afterstr[256];
         PRStatus rv1, rv2;
         DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
         DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
         PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
         PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
         rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y", 
                       &beforePrintable);
         rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y", 
@@ skipping 84 matching lines @@
   
     return (SECEqual == SECITEM_CompareItem(&cid1->issuerNameHash, 
                                             &cid2->issuerNameHash)
             && SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash, 
                                                &cid2->issuerKeyHash)
             && SECEqual == SECITEM_CompareItem(&cid1->serialNumber, 
                                                &cid2->serialNumber));
 }
 
 static SECStatus
-ocsp_CopyRevokedInfo(PRArenaPool *arena, ocspCertStatus *dest, 
+ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
                      ocspRevokedInfo *src)
 {
     SECStatus rv = SECFailure;
     void *mark;
   
     mark = PORT_ArenaMark(arena);
   
     dest->certStatusInfo.revokedInfo = 
         (ocspRevokedInfo *) PORT_ArenaZAlloc(arena, sizeof(ocspRevokedInfo));
     if (!dest->certStatusInfo.revokedInfo) {
@@ skipping 19 matching lines @@
   
     PORT_ArenaUnmark(arena, mark);
     return SECSuccess;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return SECFailure;
 }
 
 static SECStatus
-ocsp_CopyCertStatus(PRArenaPool *arena, ocspCertStatus *dest, 
+ocsp_CopyCertStatus(PLArenaPool *arena, ocspCertStatus *dest,
                     ocspCertStatus*src)
 {
     SECStatus rv = SECFailure;
     dest->certStatusType = src->certStatusType;
   
     switch (src->certStatusType) {
     case ocspCertStatus_good:
         dest->certStatusInfo.goodInfo = 
             SECITEM_ArenaDupItem(arena, src->certStatusInfo.goodInfo);
         if (dest->certStatusInfo.goodInfo != NULL) {
@@ skipping 214 matching lines @@
     }
     PR_ExitMonitor(OCSP_Global.monitor);
     return SECSuccess;
 }
 
 static SECStatus
 ocsp_CreateCacheItemAndConsumeCertID(OCSPCacheData *cache,
                                      CERTOCSPCertID *certID, 
                                      OCSPCacheItem **pCacheItem)
 {
-    PRArenaPool *arena;
+    PLArenaPool *arena;
     void *mark;
     PLHashEntry *new_hash_entry;
     OCSPCacheItem *item;
   
     PORT_Assert(pCacheItem != NULL);
     *pCacheItem = NULL;
 
     PR_EnterMonitor(OCSP_Global.monitor);
     arena = certID->poolp;
     mark = PORT_ArenaMark(arena);
@@ skipping 811 matching lines @@
 
 /*
  * REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
  */
 
 /* 
  * FUNCTION: CERT_EncodeOCSPRequest
  *   DER encodes an OCSP Request, possibly adding a signature as well.
  *   XXX Signing is not yet supported, however; see comments in code.
  * INPUTS: 
- *   PRArenaPool *arena
+ *   PLArenaPool *arena
  *     The return value is allocated from here.
  *     If a NULL is passed in, allocation is done from the heap instead.
  *   CERTOCSPRequest *request
  *     The request to be encoded.
  *   void *pwArg
  *     Pointer to argument for password prompting, if needed.  (Definitely
  *     not needed if not signing.)
  * RETURN:
  *   Returns a NULL on error and a pointer to the SECItem with the
  *   encoded value otherwise.  Any error is likely to be low-level
  *   (e.g. no memory).
  */
 SECItem *
-CERT_EncodeOCSPRequest(PRArenaPool *arena, CERTOCSPRequest *request, 
+CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
                        void *pwArg)
 {
     ocspTBSRequest *tbsRequest;
     SECStatus rv;
 
     /* XXX All of these should generate errors if they fail. */
     PORT_Assert(request);
     PORT_Assert(request->tbsRequest);
 
     tbsRequest = request->tbsRequest;
@@ skipping 26 matching lines @@
  *   SECItem *src
  *     Pointer to a SECItem holding DER encoded OCSP Request.
  * RETURN:
  *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
  *   On error, returns NULL.  Most likely error is trouble decoding
  *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
  */
 CERTOCSPRequest *
 CERT_DecodeOCSPRequest(const SECItem *src)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv = SECFailure;
     CERTOCSPRequest *dest = NULL;
     int i;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto loser;
     }
     dest = (CERTOCSPRequest *) PORT_ArenaZAlloc(arena, 
@@ skipping 47 matching lines @@
 
 /*
  * Digest data using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */
 
 SECItem *
-ocsp_DigestValue(PRArenaPool *arena, SECOidTag digestAlg, 
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg, 
                  SECItem *fill, const SECItem *src)
 {
     const SECHashObject *digestObject;
     SECItem *result = NULL;
     void *mark = NULL;
     void *digestBuff = NULL;
 
     if ( arena != NULL ) {
         mark = PORT_ArenaMark(arena);
     }
@@ skipping 43 matching lines @@
 }
 
 /*
  * Digest the cert's subject public key using the specified algorithm.
  * The necessary storage for the digest data is allocated.  If "fill" is
  * non-null, the data is put there, otherwise a SECItem is allocated.
  * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
  * results in a NULL being returned (and an appropriate error set).
  */
 SECItem *
-CERT_GetSPKIDigest(PRArenaPool *arena, const CERTCertificate *cert,
+CERT_GetSPKIDigest(PLArenaPool *arena, const CERTCertificate *cert,
                            SECOidTag digestAlg, SECItem *fill)
 {
     SECItem spk;
 
     /*
      * Copy just the length and data pointer (nothing needs to be freed)
      * of the subject public key so we can convert the length from bits
      * to bytes, which is what the digest function expects.
      */
     spk = cert->subjectPublicKeyInfo.subjectPublicKey;
     DER_ConvertBitString(&spk);
 
     return ocsp_DigestValue(arena, digestAlg, fill, &spk);
 }
 
 /*
  * Digest the cert's subject name using the specified algorithm.
  */
 static SECItem *
-cert_GetSubjectNameDigest(PRArenaPool *arena, const CERTCertificate *cert,
+cert_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
                            SECOidTag digestAlg, SECItem *fill)
 {
     SECItem name;
 
     /*
      * Copy just the length and data pointer (nothing needs to be freed)
      * of the subject name
      */
     name = cert->derSubject;
 
     return ocsp_DigestValue(arena, digestAlg, fill, &name);
 }
 
 /*
  * Create and fill-in a CertID.  This function fills in the hash values
  * (issuerNameHash and issuerKeyHash), and is hardwired to use SHA1.
  * Someday it might need to be more flexible about hash algorithm, but
  * for now we have no intention/need to create anything else.
  *
  * Error causes a null to be returned; most likely cause is trouble
  * finding the certificate issuer (SEC_ERROR_UNKNOWN_ISSUER).
  * Other errors are low-level problems (no memory, bad database, etc.).
  */
 static CERTOCSPCertID *
-ocsp_CreateCertID(PRArenaPool *arena, CERTCertificate *cert, int64 time)
+ocsp_CreateCertID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
 {
     CERTOCSPCertID *certID;
     CERTCertificate *issuerCert = NULL;
     void *mark = PORT_ArenaMark(arena);
     SECStatus rv;
 
     PORT_Assert(arena != NULL);
 
     certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
     if (certID == NULL) {
@@ skipping 59 matching lines @@
 
 loser:
     if (issuerCert != NULL) {
         CERT_DestroyCertificate(issuerCert);
     }
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 CERTOCSPCertID*
-CERT_CreateOCSPCertID(CERTCertificate *cert, int64 time)
+CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time)
 {
-    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTOCSPCertID *certID;
     PORT_Assert(arena != NULL);
     if (!arena)
         return NULL;
     
     certID = ocsp_CreateCertID(arena, cert, time);
     if (!certID) {
         PORT_FreeArena(arena, PR_FALSE);
         return NULL;
     }
     certID->poolp = arena;
     return certID;
 }
 
 static CERTOCSPCertID *
 cert_DupOCSPCertID(CERTOCSPCertID *src)
 {
     CERTOCSPCertID *dest;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
 
     if (!src) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (!arena)
         goto loser;
 
@@ skipping 118 matching lines @@
  * response expects this array to be in the exact same order as the
  * certs are found in the list.  It would be harder to change that
  * order than preserve it, but since the requirement is not obvious,
  * it deserves to be mentioned.
  *
  * Any problem causes a null return and error set:
  *      SEC_ERROR_UNKNOWN_ISSUER
  * Other errors are low-level problems (no memory, bad database, etc.).
  */
 static ocspSingleRequest **
-ocsp_CreateSingleRequestList(PRArenaPool *arena, CERTCertList *certList,
-                             int64 time, PRBool includeLocator)
+ocsp_CreateSingleRequestList(PLArenaPool *arena, CERTCertList *certList,
+                             PRTime time, PRBool includeLocator)
 {
     ocspSingleRequest **requestList = NULL;
     CERTCertListNode *node = NULL;
     int i, count;
     void *mark = PORT_ArenaMark(arena);
  
     node = CERT_LIST_HEAD(certList);
     for (count = 0; !CERT_LIST_END(node, certList); count++) {
         node = CERT_LIST_NEXT(node);
     }
@@ skipping 33 matching lines @@
     PORT_ArenaUnmark(arena, mark);
     requestList[i] = NULL;
     return requestList;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 static ocspSingleRequest **
-ocsp_CreateRequestFromCert(PRArenaPool *arena, 
+ocsp_CreateRequestFromCert(PLArenaPool *arena,
                            CERTOCSPCertID *certID, 
                            CERTCertificate *singleCert,
-                           int64 time, 
+                           PRTime time,
                            PRBool includeLocator)
 {
     ocspSingleRequest **requestList = NULL;
     void *mark = PORT_ArenaMark(arena);
     PORT_Assert(certID != NULL && singleCert != NULL);
 
     /* meaning of value 2: one entry + one end marker */
     requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, 2);
     if (requestList == NULL)
         goto loser;
@@ skipping 16 matching lines @@
     return requestList;
 
 loser:
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 static CERTOCSPRequest *
 ocsp_prepareEmptyOCSPRequest(void)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTOCSPRequest *request = NULL;
     ocspTBSRequest *tbsRequest = NULL;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto loser;
     }
     request = PORT_ArenaZNew(arena, CERTOCSPRequest);
     if (request == NULL) {
         goto loser;
@@ skipping 11 matching lines @@
 loser:
     if (arena != NULL) {
         PORT_FreeArena(arena, PR_FALSE);
     }
     return NULL;
 }
 
 CERTOCSPRequest *
 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID, 
                                  CERTCertificate *singleCert, 
-                                 int64 time, 
+                                 PRTime time,
                                  PRBool addServiceLocator,
                                  CERTCertificate *signerCert)
 {
     CERTOCSPRequest *request;
     OCSP_TRACE(("OCSP cert_CreateSingleCertOCSPRequest %s\n", singleCert->subjectName));
 
     /* XXX Support for signerCert may be implemented later,
      * see also the comment in CERT_CreateOCSPRequest.
      */
     if (signerCert != NULL) {
@@ skipping 27 matching lines @@
  *   the given list.
  * INPUTS:
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
- *   int64 time
+ *   PRTime time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no effect on the request itself.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
  *     do not sign.
  *     XXX note that request signing is not yet supported; see comment in code
  * RETURN:
  *   A pointer to a CERTOCSPRequest structure containing an OCSP request
  *   for the cert list.  On error, null is returned, with an error set
  *   indicating the reason.  This is likely SEC_ERROR_UNKNOWN_ISSUER.
  *   (The issuer is needed to create a request for the certificate.)
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 CERTOCSPRequest *
-CERT_CreateOCSPRequest(CERTCertList *certList, int64 time, 
+CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
                        PRBool addServiceLocator,
                        CERTCertificate *signerCert)
 {
     CERTOCSPRequest *request = NULL;
 
     if (!certList) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return NULL;
     }
     /*
@@ skipping 249 matching lines @@
 }
 
 /*
  * Helper function for decoding SingleResponses -- they each contain
  * a status which is encoded as CHOICE, which needs to be decoded "by hand".
  *
  * Note -- on error, this routine does not release the memory it may
  * have allocated; it expects its caller to do that.
  */
 static SECStatus
-ocsp_FinishDecodingSingleResponses(PRArenaPool *reqArena,
+ocsp_FinishDecodingSingleResponses(PLArenaPool *reqArena,
                                    CERTOCSPSingleResponse **responses)
 {
     ocspCertStatus *certStatus;
     ocspCertStatusType certStatusType;
     const SEC_ASN1Template *certStatusTemplate;
     int derTag;
     int i;
     SECStatus rv = SECFailure;
 
     if (!reqArena) {
@@ skipping 63 matching lines @@
             break;
     }
 
     return responderIDType;
 }
 
 /*
  * Decode "src" as a BasicOCSPResponse, returning the result.
  */
 static ocspBasicOCSPResponse *
-ocsp_DecodeBasicOCSPResponse(PRArenaPool *arena, SECItem *src)
+ocsp_DecodeBasicOCSPResponse(PLArenaPool *arena, SECItem *src)
 {
     void *mark;
     ocspBasicOCSPResponse *basicResponse;
     ocspResponseData *responseData;
     ocspResponderID *responderID;
     CERTOCSPResponderIDType responderIDType;
     const SEC_ASN1Template *responderIDTemplate;
     int derTag;
     SECStatus rv;
     SECItem newsrc;
@@ skipping 69 matching lines @@
     PORT_ArenaRelease(arena, mark);
     return NULL;
 }
 
 
 /*
  * Decode the responseBytes based on the responseType found in "rbytes",
  * leaving the resulting translated/decoded information in there as well.
  */
 static SECStatus
-ocsp_DecodeResponseBytes(PRArenaPool *arena, ocspResponseBytes *rbytes)
+ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
 {
     PORT_Assert(rbytes != NULL);                /* internal error, really */
     if (rbytes == NULL) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);  /* XXX set better error? */
         return SECFailure;
     }
 
     rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
     switch (rbytes->responseTypeTag) {
         case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
@@ skipping 31 matching lines @@
  * RETURN:
  *   Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
  *   the caller is responsible for destroying it.  Or NULL if error (either
  *   response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
  *   it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
  *   or a low-level or internal error occurred).
  */
 CERTOCSPResponse *
 CERT_DecodeOCSPResponse(const SECItem *src)
 {
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     CERTOCSPResponse *response = NULL;
     SECStatus rv = SECFailure;
     ocspResponseStatus sv;
     SECItem newSrc;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
         goto loser;
     }
     response = (CERTOCSPResponse *) PORT_ArenaZAlloc(arena,
@@ skipping 470 matching lines @@
 
 /*
  * Reads on the given socket and returns an encoded response when received.
  * Properly formatted HTTP/1.0 response headers are expected to be read
  * from the socket, preceding a binary-encoded OCSP response.  Problems
  * with parsing cause the error SEC_ERROR_OCSP_BAD_HTTP_RESPONSE to be
  * set; any other problems are likely low-level i/o or memory allocation
  * errors.
  */
 static SECItem *
-ocsp_GetEncodedResponse(PRArenaPool *arena, PRFileDesc *sock)
+ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
 {
     /* first read HTTP status line and headers */
 
     char* inBuffer = NULL;
     PRInt32 offset = 0;
     PRInt32 inBufsize = 0;
     const PRInt32 bufSizeIncrement = OCSP_BUFSIZE; /* 1 KB at a time */
     const PRInt32 maxBufSize = 8 * bufSizeIncrement ; /* 8 KB max */
     const char* CRLF = "\r\n";
     const PRInt32 CRLFlen = strlen(CRLF);
@@ skipping 216 matching lines @@
 {
     return ocsp_ParseURL(url, pHostname, pPort, pPath);
 }
 
 /*
  * Limit the size of http responses we are willing to accept.
  */
 #define MAX_WANTED_OCSP_RESPONSE_LEN 64*1024
 
 static SECItem *
-fetchOcspHttpClientV1(PRArenaPool *arena, 
+fetchOcspHttpClientV1(PLArenaPool *arena, 
                       const SEC_HttpClientFcnV1 *hcv1, 
                       const char *location, 
                       SECItem *encodedRequest)
 {
     char *hostname = NULL;
     char *path = NULL;
     PRUint16 port;
     SECItem *encodedResponse = NULL;
     SEC_HTTP_SERVER_SESSION pServerSession = NULL;
     SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
@@ skipping 88 matching lines @@
         PORT_Free(hostname);
     
     return encodedResponse;
 }
 
 /*
  * FUNCTION: CERT_GetEncodedOCSPResponse
  *   Creates and sends a request to an OCSP responder, then reads and
  *   returns the (encoded) response.
  * INPUTS:
- *   PRArenaPool *arena
+ *   PLArenaPool *arena
  *     Pointer to arena from which return value will be allocated.
  *     If NULL, result will be allocated from the heap (and thus should
  *     be freed via SECITEM_FreeItem).
  *   CERTCertList *certList
  *     A list of certs for which status will be requested.
  *     Note that all of these certificates should have the same issuer,
  *     or it's expected the response will be signed by a trusted responder.
  *     If the certs need to be broken up into multiple requests, that
  *     must be handled by the caller (and thus by having multiple calls
  *     to this routine), who knows about where the request(s) are being
  *     sent and whether there are any trusted responders in place.
  *   const char *location
  *     The location of the OCSP responder (a URL).
- *   int64 time
+ *   PRTime time
  *     Indicates the time for which the certificate status is to be 
  *     determined -- this may be used in the search for the cert's issuer
  *     but has no other bearing on the operation.
  *   PRBool addServiceLocator
  *     If true, the Service Locator extension should be added to the
  *     single request(s) for each cert.
  *   CERTCertificate *signerCert
  *     If non-NULL, means sign the request using this cert.  Otherwise,
  *     do not sign.
  *   void *pwArg
  *     Pointer to argument for password prompting, if needed.  (Definitely
  *     not needed if not signing.)
  * OUTPUTS:
  *   CERTOCSPRequest **pRequest
  *     Pointer in which to store the OCSP request created for the given
  *     list of certificates.  It is only filled in if the entire operation
  *     is successful and the pointer is not null -- and in that case the
  *     caller is then reponsible for destroying it.
  * RETURN:
  *   Returns a pointer to the SECItem holding the response.
  *   On error, returns null with error set describing the reason:
  *      SEC_ERROR_UNKNOWN_ISSUER
  *      SEC_ERROR_CERT_BAD_ACCESS_LOCATION
  *      SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
  *   Other errors are low-level problems (no memory, bad database, etc.).
  */
 SECItem *
-CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
-                            const char *location, int64 time,
+CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
+                            const char *location, PRTime time,
                             PRBool addServiceLocator,
                             CERTCertificate *signerCert, void *pwArg,
                             CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
                                      signerCert);
     if (!request)
         return NULL;
     return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location, 
                                                   time, addServiceLocator, 
                                                   pwArg, pRequest);
 }
 
 static SECItem *
-ocsp_GetEncodedOCSPResponseFromRequest(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
                                        CERTOCSPRequest *request,
-                                       const char *location, int64 time,
+                                       const char *location, PRTime time,
                                        PRBool addServiceLocator,
                                        void *pwArg,
                                        CERTOCSPRequest **pRequest)
 {
     SECItem *encodedRequest = NULL;
     SECItem *encodedResponse = NULL;
     PRFileDesc *sock = NULL;
     SECStatus rv;
     const SEC_HttpClientFcn *registeredHttpClient = NULL;
 
@@ skipping 37 matching lines @@
         CERT_DestroyOCSPRequest(request);
     if (encodedRequest != NULL)
         SECITEM_FreeItem(encodedRequest, PR_TRUE);
     if (sock != NULL)
         PR_Close(sock);
 
     return encodedResponse;
 }
 
 static SECItem *
-ocsp_GetEncodedOCSPResponseForSingleCert(PRArenaPool *arena, 
+ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena, 
                                          CERTOCSPCertID *certID, 
                                          CERTCertificate *singleCert, 
-                                         const char *location, int64 time,
+                                         const char *location, PRTime time,
                                          PRBool addServiceLocator,
                                          void *pwArg,
                                          CERTOCSPRequest **pRequest)
 {
     CERTOCSPRequest *request;
     request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time, 
                                                addServiceLocator, NULL);
     if (!request)
         return NULL;
     return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location, 
@@ skipping 288 matching lines @@
  */
 SECStatus
 CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,    
                                  CERTCertDBHandle *handle, void *pwArg,
                                  CERTCertificate **pSignerCert,
                                  CERTCertificate *issuer)
 {
     SECItem *tbsResponseDataDER;
     CERTCertificate *signerCert = NULL;
     SECStatus rv = SECFailure;
-    int64 producedAt;
+    PRTime producedAt;
 
     /* ocsp_DecodeBasicOCSPResponse will fail if asn1 decoder is unable
      * to properly decode tbsData (see the function and
      * ocsp_BasicOCSPResponseTemplate). Thus, tbsData can not be
      * equal to null */
     ocspResponseData *tbsData = ocsp_GetResponseData(response,
                                                      &tbsResponseDataDER);
     ocspSignature *signature = ocsp_GetResponseSignature(response);
 
     if (!signature) {
@@ skipping 307 matching lines @@
  *      of OCSP signing authority for the certificate in question.
  *  2.  The CA who issued the certificate in question.
  *  3.  A "CA designated responder", aka an "authorized responder" -- it
  *      must be represented by a special cert issued by the CA who issued
  *      the certificate in question.
  */
 static PRBool
 ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
                                   CERTCertificate *signerCert,
                                   CERTOCSPCertID *certID,
-                                  int64 thisUpdate)
+                                  PRTime thisUpdate)
 {
     CERTCertificate *issuerCert = NULL, *defRespCert;
     SECItem *keyHash = NULL;
     SECItem *nameHash = NULL;
     SECOidTag hashAlg;
     PRBool keyHashEQ = PR_FALSE, nameHashEQ = PR_FALSE;
 
     /*
      * Check first for a trusted responder, which overrides everything else.
      */
@@ skipping 101 matching lines @@
  *
  * XXX This *should* be based on some configuration parameter, so that
  * different usages could specify exactly what constitutes "sufficiently
  * recent".  But that is not going to happen right away.  For now, we
  * want something from within the last 24 hours.  This macro defines that
  * number in seconds.
  */
 #define OCSP_ALLOWABLE_LAPSE_SECONDS    (24L * 60L * 60L)
 
 static PRBool
-ocsp_TimeIsRecent(int64 checkTime)
+ocsp_TimeIsRecent(PRTime checkTime)
 {
-    int64 now = PR_Now();
-    int64 lapse, tmp;
+    PRTime now = PR_Now();
+    PRTime lapse, tmp;
 
     LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
     LL_I2L(tmp, PR_USEC_PER_SEC);
     LL_MUL(lapse, lapse, tmp);          /* allowable lapse in microseconds */
 
     LL_ADD(checkTime, checkTime, lapse);
     if (LL_CMP(now, >, checkTime))
         return PR_FALSE;
 
     return PR_TRUE;
@@ skipping 51 matching lines @@
  * If any of those checks fail, SECFailure is returned and an error is set:
  *      SEC_ERROR_OCSP_FUTURE_RESPONSE
  *      SEC_ERROR_OCSP_OLD_RESPONSE
  *      SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
  * Other errors are low-level problems (no memory, bad database, etc.).
  */ 
 static SECStatus
 ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
                           CERTCertDBHandle *handle,
                           CERTCertificate *signerCert,
-                          int64 producedAt)
+                          PRTime producedAt)
 {
     CERTOCSPCertID *certID = single->certID;
-    int64 now, thisUpdate, nextUpdate, tmstamp, tmp;
+    PRTime now, thisUpdate, nextUpdate, tmstamp, tmp;
     SECStatus rv;
 
     OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n", 
                ((single->nextUpdate) != 0)));
     /*
      * If all the responder said was that the given cert was unknown to it,
      * that is a valid response.  Not very interesting to us, of course,
      * but all this function is concerned with is validity of the response,
      * not the status of the cert.
      */
@@ skipping 65 matching lines @@
  *     This result should be freed (via PORT_Free) when no longer in use.
  */
 char *
 CERT_GetOCSPAuthorityInfoAccessLocation(CERTCertificate *cert)
 {
     CERTGeneralName *locname = NULL;
     SECItem *location = NULL;
     SECItem *encodedAuthInfoAccess = NULL;
     CERTAuthInfoAccess **authInfoAccess = NULL;
     char *locURI = NULL;
-    PRArenaPool *arena = NULL;
+    PLArenaPool *arena = NULL;
     SECStatus rv;
     int i;
 
     /*
      * Allocate this one from the heap because it will get filled in
      * by CERT_FindCertExtension which will also allocate from the heap,
      * and we can free the entire thing on our way out.
      */
     encodedAuthInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
     if (encodedAuthInfoAccess == NULL)
@@ skipping 133 matching lines @@
         }
     }
     return ocspUrl;
 }
 
 /*
  * Return SECSuccess if the cert was revoked *after* "time",
  * SECFailure otherwise.
  */
 static SECStatus
-ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time)
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time)
 {
-    int64 revokedTime;
+    PRTime revokedTime;
     SECStatus rv;
 
     rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
     if (rv != SECSuccess)
         return rv;
 
     /*
      * Set the error even if we will return success; someone might care.
      */
     PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
 
     if (LL_CMP(revokedTime, >, time))
         return SECSuccess;
 
     return SECFailure;
 }
 
 /*
  * See if the cert represented in the single response had a good status
  * at the specified time.
  */
 static SECStatus
-ocsp_CertHasGoodStatus(ocspCertStatus *status, int64 time)
+ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time)
 {
     SECStatus rv;
     switch (status->certStatusType) {
     case ocspCertStatus_good:
         rv = SECSuccess;
         break;
     case ocspCertStatus_revoked:
         rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
         break;
     case ocspCertStatus_unknown:
         PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
         rv = SECFailure;
         break;
     case ocspCertStatus_other:
     default:
         PORT_Assert(0);
         PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
         rv = SECFailure;
         break;
     }
     return rv;
 }
 
 static SECStatus
 ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single, 
-                                     int64 time)
+                                     PRTime time)
 {
     return ocsp_CertHasGoodStatus(single->certStatus, time);
 }
 
 /* Return value SECFailure means: not found or not fresh.
  * On SECSuccess, the out parameters contain the OCSP status.
  * rvOcsp contains the overall result of the OCSP operation.
  * Depending on input parameter ignoreGlobalOcspFailureSetting,
  * a soft failure might be converted into *rvOcsp=SECSuccess.
  * If the cached attempt to obtain OCSP information had resulted
  * in a failure, missingResponseError shows the error code of
  * that failure.
  */
 SECStatus
 ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID, 
-                                        int64 time, 
+                                        PRTime time,
                                         PRBool ignoreGlobalOcspFailureSetting,
                                         SECStatus *rvOcsp,
                                         SECErrorCodes *missingResponseError)
 {
     OCSPCacheItem *cacheItem = NULL;
     SECStatus rv = SECFailure;
   
     if (!certID || !missingResponseError || !rvOcsp) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
@@ skipping 51 matching lines @@
  *   (If no AIA extension for OCSP and no default responder in place, the
  *   cert is considered to have a good status and SECSuccess is returned.)
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTCertificate *cert
  *     the certificate being checked
  *   XXX in the long term also need a boolean parameter that specifies
  *      whether to check the cert chain, as well; for now we check only
  *      the leaf (the specified certificate)
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   void *pwArg
  *     argument for password prompting, if needed
  * RETURN:
  *   Returns SECSuccess if an approved OCSP responder "knows" the cert
  *   *and* returns a non-revoked status for it; SECFailure otherwise,
  *   with an error set describing the reason:
  *
  *      SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
  *      SEC_ERROR_OCSP_FUTURE_RESPONSE
@@ skipping 16 matching lines @@
  *      SEC_ERROR_UNKNOWN_ISSUER
  *      SEC_ERROR_UNKNOWN_SIGNER
  *
  *   Other errors are any of the many possible failures in cert verification
  *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
  *   verifying the signer's cert, or low-level problems (error allocating
  *   memory, error performing ASN.1 decoding, etc.).
  */    
 SECStatus 
 CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
-                     int64 time, void *pwArg)
+                     PRTime time, void *pwArg)
 {
     CERTOCSPCertID *certID;
     PRBool certIDWasConsumed = PR_FALSE;
     SECStatus rv = SECFailure;
     SECStatus rvOcsp;
     SECErrorCodes dummy_error_code; /* we ignore this */
   
     OCSP_TRACE_CERT(cert);
     OCSP_TRACE_TIME("## requested validity time:", time);
   
@@ skipping 33 matching lines @@
  *   cache.
  *
  *   This function is intended for use when OCSP responses are provided via a
  *   side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension).
  *
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTCertificate *cert
  *     the certificate being checked
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   SECItem *encodedResponse
  *     the DER encoded bytes of the OCSP response
  *   void *pwArg
  *     argument for password prompting, if needed
  * RETURN:
  *   SECSuccess if the cert was found in the cache, or if the OCSP response was
  *   found to be valid and inserted into the cache. SECFailure otherwise.
  */
 SECStatus
 CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
                                       CERTCertificate *cert,
-                                      int64 time,
+                                      PRTime time,
                                       const SECItem *encodedResponse,
                                       void *pwArg)
 {
     CERTOCSPCertID *certID = NULL;
     PRBool certIDWasConsumed = PR_FALSE;
     SECStatus rv = SECFailure;
     SECStatus rvOcsp;
     SECErrorCodes dummy_error_code; /* we ignore this */
 
     /* The OCSP cache can be in three states regarding this certificate:
@@ skipping 66 matching lines @@
 }
 
 /*
  * Status in *certIDWasConsumed will always be correct, regardless of 
  * return value.
  */
 static SECStatus
 ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle, 
                               CERTOCSPCertID *certID, 
                               CERTCertificate *cert, 
-                              int64 time, 
+                              PRTime time,
                               void *pwArg,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp)
 {
     char *location = NULL;
     PRBool locationIsDefault;
     SECItem *encodedResponse = NULL;
     CERTOCSPRequest *request = NULL;
     SECStatus rv = SECFailure;
 
@@ skipping 85 matching lines @@
  *   A 'good' response is a valid response that attests that the certificate
  *   is not currently revoked (see RFC 2560 Section 2.2).
  *
  * INPUTS:
  *   CERTCertDBHandle *handle
  *     certificate DB of the cert that is being checked
  *   CERTOCSPCertID *certID
  *     the cert ID corresponding to |cert|
  *   CERTCertificate *cert
  *     the certificate being checked
- *   int64 time
+ *   PRTime time
  *     time for which status is to be determined
  *   void *pwArg
  *     the opaque argument to the password prompting function.
  *   SECItem *encodedResponse
  *     the DER encoded bytes of the OCSP response
  *   PRBool cacheInvalid
  *     If true then invalid responses will cause a negative cache entry to be
  *     created. (Invalid means bad syntax, bad signature etc)
  *   PRBool *certIDWasConsumed
  *     (output) on return, this is true iff |certID| was consumed by this
  *     function.
  *   SECStatus *rv_ocsp
  *     (output) on return, this is SECSuccess iff the response is good (see
  *     definition of 'good' above).
  * RETURN:
  *   SECSuccess iff the response is valid.
  */
 static SECStatus
 ocsp_CacheEncodedOCSPResponse(CERTCertDBHandle *handle,
                               CERTOCSPCertID *certID,
                               CERTCertificate *cert,
-                              int64 time,
+                              PRTime time,
                               void *pwArg,
                               const SECItem *encodedResponse,
                               PRBool cacheInvalid,
                               PRBool *certIDWasConsumed,
                               SECStatus *rv_ocsp)
 {
     CERTOCSPResponse *response = NULL;
     CERTCertificate *signerCert = NULL;
     CERTCertificate *issuerCert = NULL;
     CERTOCSPSingleResponse *single = NULL;
@@ skipping 70 matching lines @@
     if (response != NULL)
         CERT_DestroyOCSPResponse(response);
     return rv;
 }
 
 static SECStatus
 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle, 
                                         CERTOCSPResponse *response, 
                                         CERTOCSPCertID   *certID,
                                         CERTCertificate  *signerCert,
-                                        int64             time,
+                                        PRTime            time,
                                         CERTOCSPSingleResponse 
                                             **pSingleResponse)
 {
     SECStatus rv;
     ocspResponseData *responseData;
-    int64 producedAt;
+    PRTime producedAt;
     CERTOCSPSingleResponse *single;
 
     /*
      * The ResponseData part is the real guts of the response.
      */
     responseData = ocsp_GetResponseData(response, NULL);
     if (responseData == NULL) {
         rv = SECFailure;
         goto loser;
     }
@@ skipping 22 matching lines @@
 
 loser:
     return rv;
 }
 
 SECStatus
 CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle, 
                             CERTOCSPResponse *response, 
                             CERTOCSPCertID   *certID,
                             CERTCertificate  *signerCert,
-                            int64             time)
+                            PRTime            time)
 {
     /*
      * We do not update the cache, because:
      *
      * CERT_GetOCSPStatusForCertID is an old exported API that was introduced
      * before the OCSP cache got implemented.
      *
      * The implementation of helper function cert_ProcessOCSPResponse
      * requires the ability to transfer ownership of the the given certID to
      * the cache. The external API doesn't allow us to prevent the caller from
@@ skipping 13 matching lines @@
 }
 
 /*
  * The first 5 parameters match the definition of CERT_GetOCSPStatusForCertID.
  */
 SECStatus
 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, 
                          CERTOCSPResponse *response, 
                          CERTOCSPCertID   *certID,
                          CERTCertificate  *signerCert,
-                         int64             time,
+                         PRTime            time,
                          PRBool           *certIDWasConsumed,
                          SECStatus        *cacheUpdateStatus)
 {
     SECStatus rv;
     SECStatus rv_cache = SECSuccess;
     CERTOCSPSingleResponse *single = NULL;
 
     rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID, 
                                                  signerCert, time, &single);
     if (rv == SECSuccess) {
@@ skipping 516 matching lines @@
       case ocspResponse_unauthorized:
         PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
         break;
       case ocspResponse_unused:
       default:
         PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
         break;
     }
     return SECFailure;
 }