authorNicholas Nethercote <nnethercote@mozilla.com>2014-11-18 15:16:24 -0800
committerNicholas Nethercote <nnethercote@mozilla.com>2014-11-18 15:16:24 -0800
commit40ab80997e8f2474a6c659334fb4eb6fa2c0c3f3 (patch)
tree84ba58ea9b93b24b22d453c8aae7ab8ccab5a0e9
parent91ff991ecc874cc295eb24fc4e0e04428adb37a8 (diff)
Bug 1095307 - Clean up nssPKIX509_GetIssuerAndSerialFromDER(). r=relyea.NSS_3_18_BETA3
This patch: - Removes the two static issuer_and_serial_from_encoding() functions. - Rewrites nssPKIX509_GetIssuerAndSerialFromDER() to be almost identical to the issuer_and_serial_from_encoding() from pkistore.c. This new version avoids unnecessary heap allocations (and so doesn't need an |arena| argument), obtains the issuer and serial in the order suggested by the function name, and is more readable than the old version. - Tweaks nssTrustDomain_FindCertificateByEncodedCertificate() to be more like nssTrustDomain_GetCertByDERFromCache() and nssCertificateStore_FindCertificateByEncodedCertificate(), which are the other two functions that now call nssPKIX509_GetIssuerAndSerialFromDER().
-rw-r--r--lib/pki/pki3hack.c21
-rw-r--r--lib/pki/pki3hack.h2
-rw-r--r--lib/pki/pkistore.c30
-rw-r--r--lib/pki/tdcache.c28
-rw-r--r--lib/pki/trustdomain.c12
5 files changed, 19 insertions, 74 deletions
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
index 6364eaf33..7430ca9f4 100644
--- a/lib/pki/pki3hack.c
+++ b/lib/pki/pki3hack.c
@@ -247,27 +247,28 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der)
}
NSS_IMPLEMENT PRStatus
-nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena,
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
NSSDER *issuer, NSSDER *serial)
{
- SECStatus secrv;
- SECItem derCert;
+ SECItem derCert = { 0 };
SECItem derIssuer = { 0 };
SECItem derSerial = { 0 };
- SECITEM_FROM_NSSITEM(&derCert, der);
- secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
+ SECStatus secrv;
+ derCert.data = (unsigned char *)der->data;
+ derCert.len = der->size;
+ secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
if (secrv != SECSuccess) {
return PR_FAILURE;
}
- (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data);
- secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
+ secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
if (secrv != SECSuccess) {
PORT_Free(derSerial.data);
return PR_FAILURE;
}
- (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data);
- PORT_Free(derSerial.data);
- PORT_Free(derIssuer.data);
+ issuer->data = derIssuer.data;
+ issuer->size = derIssuer.len;
+ serial->data = derSerial.data;
+ serial->size = derSerial.len;
return PR_SUCCESS;
}
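Review bot: The failure branch after `CERT_SerialNumberFromDERCert` frees `derSerial.data` but never `derIssuer.data`, so the issuer buffer that the preceding successful `CERT_IssuerNameFromDERCert` call presumably allocated leaks whenever the serial number cannot be extracted. The `issuer_and_serial_from_encoding()` helper this commit removes from pkistore.c freed the issuer on the same path, and the new function should match it with `PORT_Free(derIssuer.data);` in that branch. Freeing `derSerial.data` there is only safe if the failed call leaves the zero-initialised item NULL or pointing at a valid allocation, which is not visible in this hunk. If the DER passed in can come from an untrusted peer, malformed certificates would make this leak repeatable, so it is worth closing before the helper gains more callers.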
diff --git a/lib/pki/pki3hack.h b/lib/pki/pki3hack.h
index 6c74200bd..39fab75a8 100644
--- a/lib/pki/pki3hack.h
+++ b/lib/pki/pki3hack.h
@@ -77,7 +77,7 @@ NSS_EXTERN PRStatus
STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust);
NSS_EXTERN PRStatus
-nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena,
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
NSSDER *issuer, NSSDER *serial);
NSS_EXTERN char *
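Review bot: The prototype carries no comment describing the new ownership contract: with the `arena` parameter gone, `issuer->data` and `serial->data` are returned as heap buffers that the caller has to release, as trustdomain.c does with `PORT_Free` in this commit. I would add above the declaration `/* On PR_SUCCESS, issuer->data and serial->data are heap-allocated; the caller must PORT_Free() both. */`. The cleanup code of the pkistore.c and tdcache.c callers lies outside their hunks, so it should be confirmed that both of them free the two buffers on every return path.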
diff --git a/lib/pki/pkistore.c b/lib/pki/pkistore.c
index 3bdf290c0..15bb65865 100644
--- a/lib/pki/pkistore.c
+++ b/lib/pki/pkistore.c
@@ -23,6 +23,7 @@
#endif /* PKISTORE_H */
#include "cert.h"
+#include "pki3hack.h"
#include "prbit.h"
@@ -554,33 +555,6 @@ nssCertificateStore_FindCertificateByIssuerAndSerialNumber (
return rvCert;
}
-static PRStatus
-issuer_and_serial_from_encoding (
- NSSBER *encoding,
- NSSDER *issuer,
- NSSDER *serial
-)
-{
- SECItem derCert, derIssuer, derSerial;
- SECStatus secrv;
- derCert.data = (unsigned char *)encoding->data;
- derCert.len = encoding->size;
- secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
- if (secrv != SECSuccess) {
- return PR_FAILURE;
- }
- secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
- if (secrv != SECSuccess) {
- PORT_Free(derIssuer.data);
- return PR_FAILURE;
- }
- issuer->data = derIssuer.data;
- issuer->size = derIssuer.len;
- serial->data = derSerial.data;
- serial->size = derSerial.len;
- return PR_SUCCESS;
-}
-
NSS_IMPLEMENT NSSCertificate *
nssCertificateStore_FindCertificateByEncodedCertificate (
nssCertificateStore *store,
@@ -590,7 +564,7 @@ nssCertificateStore_FindCertificateByEncodedCertificate (
PRStatus nssrv = PR_FAILURE;
NSSDER issuer, serial;
NSSCertificate *rvCert = NULL;
- nssrv = issuer_and_serial_from_encoding(encoding, &issuer, &serial);
+ nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial);
if (nssrv != PR_SUCCESS) {
return NULL;
}
diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c
index 0842d8b2c..4d3ebbaab 100644
--- a/lib/pki/tdcache.c
+++ b/lib/pki/tdcache.c
@@ -1046,32 +1046,6 @@ nssTrustDomain_GetCertForIssuerAndSNFromCache (
return rvCert;
}
-static PRStatus
-issuer_and_serial_from_encoding (
- NSSBER *encoding,
- NSSDER *issuer,
- NSSDER *serial
-)
-{
- SECItem derCert, derIssuer, derSerial;
- SECStatus secrv;
- derCert.data = (unsigned char *)encoding->data;
- derCert.len = encoding->size;
- secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
- if (secrv != SECSuccess) {
- return PR_FAILURE;
- }
- secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
- if (secrv != SECSuccess) {
- return PR_FAILURE;
- }
- issuer->data = derIssuer.data;
- issuer->size = derIssuer.len;
- serial->data = derSerial.data;
- serial->size = derSerial.len;
- return PR_SUCCESS;
-}
-
/*
* Look for a specific cert in the cache
*/
@@ -1084,7 +1058,7 @@ nssTrustDomain_GetCertByDERFromCache (
PRStatus nssrv = PR_FAILURE;
NSSDER issuer, serial;
NSSCertificate *rvCert;
- nssrv = issuer_and_serial_from_encoding(der, &issuer, &serial);
+ nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial);
if (nssrv != PR_SUCCESS) {
return NULL;
}
diff --git a/lib/pki/trustdomain.c b/lib/pki/trustdomain.c
index ec2086f11..a3d26a88d 100644
--- a/lib/pki/trustdomain.c
+++ b/lib/pki/trustdomain.c
@@ -831,20 +831,16 @@ nssTrustDomain_FindCertificateByEncodedCertificate (
NSSCertificate *rvCert = NULL;
NSSDER issuer = { 0 };
NSSDER serial = { 0 };
- NSSArena *arena = nssArena_Create();
- if (!arena) {
- return (NSSCertificate *)NULL;
- }
/* XXX this is not generic... will any cert crack into issuer/serial? */
- status = nssPKIX509_GetIssuerAndSerialFromDER(ber, arena, &issuer, &serial);
+ status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial);
if (status != PR_SUCCESS) {
- goto finish;
+ return NULL;
}
rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
&issuer,
&serial);
-finish:
- nssArena_Destroy(arena);
+ PORT_Free(issuer.data);
+ PORT_Free(serial.data);
return rvCert;
}