summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFranziskus Kiefer <franziskuskiefer@gmail.com>2016-01-18 15:02:50 +0100
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2016-01-18 15:02:50 +0100
commit419545ad071f68acb0ca404937a333a7b5a820db (patch)
tree9d8f12e71a42d783c90e505a9593c70f229d1551
parenteb895cf42d8d6bc3a9006a0d5b39b7697712025c (diff)
downloadnss-hg-419545ad071f68acb0ca404937a333a7b5a820db.tar.gz
Bug 1235579, clang-format on lib/crmf with manual corrections, r=kaie
Diffstat
-rw-r--r--lib/crmf/asn1cmn.c202
-rw-r--r--lib/crmf/challcli.c171
-rw-r--r--lib/crmf/cmmf.h504
-rw-r--r--lib/crmf/cmmfasn1.c85
-rw-r--r--lib/crmf/cmmfchal.c181
-rw-r--r--lib/crmf/cmmfi.h84
-rw-r--r--lib/crmf/cmmfit.h83
-rw-r--r--lib/crmf/cmmfrec.c207
-rw-r--r--lib/crmf/cmmfresp.c209
-rw-r--r--lib/crmf/cmmft.h24
-rw-r--r--lib/crmf/crmf.h591
-rw-r--r--lib/crmf/crmfcont.c982
-rw-r--r--lib/crmf/crmfdec.c315
-rw-r--r--lib/crmf/crmfenc.c45
-rw-r--r--lib/crmf/crmffut.h172
-rw-r--r--lib/crmf/crmfget.c303
-rw-r--r--lib/crmf/crmfi.h145
-rw-r--r--lib/crmf/crmfit.h140
-rw-r--r--lib/crmf/crmfpop.c462
-rw-r--r--lib/crmf/crmfreq.c527
-rw-r--r--lib/crmf/crmft.h68
-rw-r--r--lib/crmf/crmftmpl.c189
-rw-r--r--lib/crmf/encutil.c13
-rw-r--r--lib/crmf/respcli.c75
-rw-r--r--lib/crmf/respcmn.c335
-rw-r--r--lib/crmf/servget.c572
26 files changed, 3311 insertions, 3373 deletions
diff --git a/lib/crmf/asn1cmn.c b/lib/crmf/asn1cmn.c
index af8667066..6cf469fb4 100644
--- a/lib/crmf/asn1cmn.c
+++ b/lib/crmf/asn1cmn.c
@@ -11,94 +11,94 @@ SEC_ASN1_MKSUB(SEC_IntegerTemplate)
SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)
static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)},
- { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)},
- { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
- CMMFPKIStatusInfoTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse) },
+ { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId) },
+ { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
+ CMMFPKIStatusInfoTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
offsetof(CMMFCertResponse, certifiedKeyPair),
- CMMFCertifiedKeyPairTemplate},
+ CMMFCertifiedKeyPairTemplate },
{ 0 }
};
static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = {
- { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
- sizeof(CMMFCertOrEncCert)},
+ { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
+ sizeof(CMMFCertOrEncCert) },
{ 0 }
};
const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair) },
{ SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
CMMFCertOrEncCertTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
offsetof(CMMFCertifiedKeyPair, privateKey),
- CRMFEncryptedValueTemplate},
- { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_XTRN | 1,
- offsetof (CMMFCertifiedKeyPair, derPublicationInfo),
+ CRMFEncryptedValueTemplate },
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 1,
+ offsetof(CMMFCertifiedKeyPair, derPublicationInfo),
SEC_ASN1_SUB(SEC_AnyTemplate) },
{ 0 }
};
const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo)},
- { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
- offsetof(CMMFPKIStatusInfo, statusString)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
- offsetof(CMMFPKIStatusInfo, failInfo)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo) },
+ { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
+ offsetof(CMMFPKIStatusInfo, statusString) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
+ offsetof(CMMFPKIStatusInfo, failInfo) },
{ 0 }
};
const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF| SEC_ASN1_XTRN, 0,
- SEC_ASN1_SUB(SEC_SignedCertificateTemplate)}
+ { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0,
+ SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }
};
const SEC_ASN1Template CMMFRandTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand)},
- { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer)},
- { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand) },
+ { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash) },
{ 0 }
};
const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
+ { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
offsetof(CMMFPOPODecKeyRespContent, responses),
- SEC_ASN1_SUB(SEC_IntegerTemplate),
- sizeof(CMMFPOPODecKeyRespContent)},
+ SEC_ASN1_SUB(SEC_IntegerTemplate),
+ sizeof(CMMFPOPODecKeyRespContent) },
{ 0 }
};
const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | 1,
0,
- CRMFEncryptedValueTemplate},
+ CRMFEncryptedValueTemplate },
{ 0 }
};
const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
0,
- SEC_ASN1_SUB(SEC_SignedCertificateTemplate)},
+ SEC_ASN1_SUB(SEC_SignedCertificateTemplate) },
{ 0 }
};
const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent) },
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(CMMFCertRepContent, caPubs),
CMMFSequenceOfCertsTemplate },
{ SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response),
- CMMFCertResponseTemplate},
+ CMMFCertResponseTemplate },
{ 0 }
};
static const SEC_ASN1Template CMMFChallengeTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge)},
- { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge) },
+ { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
offsetof(CMMFChallenge, owf),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) },
@@ -109,27 +109,27 @@ static const SEC_ASN1Template CMMFChallengeTemplate[] = {
};
const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges),
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyChallContent, challenges),
CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
{ 0 }
};
SECStatus
-cmmf_decode_process_cert_response(PLArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertResponse *inCertResp)
+cmmf_decode_process_cert_response(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertResponse *inCertResp)
{
SECStatus rv = SECSuccess;
-
+
if (inCertResp->certifiedKeyPair != NULL) {
- rv = cmmf_decode_process_certified_key_pair(poolp,
- db,
- inCertResp->certifiedKeyPair);
+ rv = cmmf_decode_process_certified_key_pair(poolp,
+ db,
+ inCertResp->certifiedKeyPair);
}
return rv;
}
-static CERTCertificate*
+static CERTCertificate *
cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
{
CERTCertificate *newCert;
@@ -141,80 +141,76 @@ cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
static CMMFCertOrEncCertChoice
cmmf_get_certorenccertchoice_from_der(SECItem *der)
{
- CMMFCertOrEncCertChoice retChoice;
-
- switch(der->data[0] & 0x0f) {
- case 0:
- retChoice = cmmfCertificate;
- break;
- case 1:
- retChoice = cmmfEncryptedCert;
- break;
- default:
- retChoice = cmmfNoCertOrEncCert;
- break;
+ CMMFCertOrEncCertChoice retChoice;
+
+ switch (der->data[0] & 0x0f) {
+ case 0:
+ retChoice = cmmfCertificate;
+ break;
+ case 1:
+ retChoice = cmmfEncryptedCert;
+ break;
+ default:
+ retChoice = cmmfNoCertOrEncCert;
+ break;
}
return retChoice;
}
static SECStatus
-cmmf_decode_process_certorenccert(PLArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertOrEncCert *inCertOrEncCert)
+cmmf_decode_process_certorenccert(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertOrEncCert *inCertOrEncCert)
{
SECStatus rv = SECSuccess;
- inCertOrEncCert->choice =
+ inCertOrEncCert->choice =
cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
switch (inCertOrEncCert->choice) {
- case cmmfCertificate:
- {
- /* The DER has implicit tagging, so we gotta switch it to
- * un-tagged in order for the ASN1 parser to understand it.
- * Saving the bits that were changed.
- */
- inCertOrEncCert->derValue.data[0] = 0x30;
- inCertOrEncCert->cert.certificate =
- cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
- if (inCertOrEncCert->cert.certificate == NULL) {
- rv = SECFailure;
- }
-
- }
- break;
- case cmmfEncryptedCert:
- PORT_Assert(poolp);
- if (!poolp) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- break;
- }
- inCertOrEncCert->cert.encryptedCert =
- PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (inCertOrEncCert->cert.encryptedCert == NULL) {
- rv = SECFailure;
- break;
- }
- rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
- CMMFCertOrEncCertEncryptedCertTemplate,
- (const char*)inCertOrEncCert->derValue.data,
- inCertOrEncCert->derValue.len);
- break;
- default:
- rv = SECFailure;
+ case cmmfCertificate: {
+ /* The DER has implicit tagging, so we gotta switch it to
+ * un-tagged in order for the ASN1 parser to understand it.
+ * Saving the bits that were changed.
+ */
+ inCertOrEncCert->derValue.data[0] = 0x30;
+ inCertOrEncCert->cert.certificate =
+ cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
+ if (inCertOrEncCert->cert.certificate == NULL) {
+ rv = SECFailure;
+ }
+
+ } break;
+ case cmmfEncryptedCert:
+ PORT_Assert(poolp);
+ if (!poolp) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ break;
+ }
+ inCertOrEncCert->cert.encryptedCert =
+ PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+ if (inCertOrEncCert->cert.encryptedCert == NULL) {
+ rv = SECFailure;
+ break;
+ }
+ rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
+ CMMFCertOrEncCertEncryptedCertTemplate,
+ (const char *)inCertOrEncCert->derValue.data,
+ inCertOrEncCert->derValue.len);
+ break;
+ default:
+ rv = SECFailure;
}
return rv;
}
-SECStatus
-cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertifiedKeyPair *inCertKeyPair)
+SECStatus
+cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertifiedKeyPair *inCertKeyPair)
{
- return cmmf_decode_process_certorenccert (poolp,
- db,
- &inCertKeyPair->certOrEncCert);
+ return cmmf_decode_process_certorenccert(poolp,
+ db,
+ &inCertKeyPair->certOrEncCert);
}
-
-
diff --git a/lib/crmf/challcli.c b/lib/crmf/challcli.c
index eaff34958..f2e68594a 100644
--- a/lib/crmf/challcli.c
+++ b/lib/crmf/challcli.c
@@ -10,12 +10,12 @@
#include "secder.h"
#include "sechash.h"
-CMMFPOPODecKeyChallContent*
+CMMFPOPODecKeyChallContent *
CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CMMFPOPODecKeyChallContent *challContent;
- SECStatus rv;
+ SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
@@ -26,19 +26,19 @@ CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
goto loser;
}
challContent->poolp = poolp;
- rv = SEC_ASN1Decode(poolp, challContent,
- CMMFPOPODecKeyChallContentTemplate, buf, len);
+ rv = SEC_ASN1Decode(poolp, challContent,
+ CMMFPOPODecKeyChallContentTemplate, buf, len);
if (rv != SECSuccess) {
goto loser;
}
if (challContent->challenges) {
- while (challContent->challenges[challContent->numChallenges] != NULL) {
- challContent->numChallenges++;
- }
- challContent->numAllocated = challContent->numChallenges;
+ while (challContent->challenges[challContent->numChallenges] != NULL) {
+ challContent->numChallenges++;
+ }
+ challContent->numAllocated = challContent->numChallenges;
}
return challContent;
- loser:
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
@@ -46,8 +46,7 @@ CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
}
int
-CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont)
+CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont)
{
PORT_Assert(inKeyChallCont != NULL);
if (inKeyChallCont == NULL) {
@@ -56,51 +55,50 @@ CMMF_POPODecKeyChallContentGetNumChallenges
return inKeyChallCont->numChallenges;
}
-SECItem*
-CMMF_POPODecKeyChallContentGetPublicValue
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex)
+SECItem *
+CMMF_POPODecKeyChallContentGetPublicValue(CMMFPOPODecKeyChallContent *inKeyChallCont,
+ int inIndex)
{
PORT_Assert(inKeyChallCont != NULL);
- if (inKeyChallCont == NULL || (inIndex > inKeyChallCont->numChallenges-1)||
- inIndex < 0) {
+ if (inKeyChallCont == NULL || (inIndex > inKeyChallCont->numChallenges - 1) ||
+ inIndex < 0) {
return NULL;
}
return SECITEM_DupItem(&inKeyChallCont->challenges[inIndex]->key);
}
-static SECAlgorithmID*
-cmmf_get_owf(CMMFPOPODecKeyChallContent *inChalCont,
- int inIndex)
+static SECAlgorithmID *
+cmmf_get_owf(CMMFPOPODecKeyChallContent *inChalCont,
+ int inIndex)
{
- int i;
-
- for (i=inIndex; i >= 0; i--) {
- if (inChalCont->challenges[i]->owf != NULL) {
- return inChalCont->challenges[i]->owf;
- }
- }
- return NULL;
+ int i;
+
+ for (i = inIndex; i >= 0; i--) {
+ if (inChalCont->challenges[i]->owf != NULL) {
+ return inChalCont->challenges[i]->owf;
+ }
+ }
+ return NULL;
}
-SECStatus
+SECStatus
CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
- int inIndex,
- SECKEYPrivateKey *inPrivKey)
+ int inIndex,
+ SECKEYPrivateKey *inPrivKey)
{
- CMMFChallenge *challenge;
- SECItem *decryptedRand=NULL;
- PLArenaPool *poolp = NULL;
+ CMMFChallenge *challenge;
+ SECItem *decryptedRand = NULL;
+ PLArenaPool *poolp = NULL;
SECAlgorithmID *owf;
- SECStatus rv = SECFailure;
- SECOidTag tag;
- CMMFRand randStr;
- SECItem hashItem;
- unsigned char hash[HASH_LENGTH_MAX];
+ SECStatus rv = SECFailure;
+ SECOidTag tag;
+ CMMFRand randStr;
+ SECItem hashItem;
+ unsigned char hash[HASH_LENGTH_MAX];
PORT_Assert(inChalCont != NULL && inPrivKey != NULL);
- if (inChalCont == NULL || inIndex <0 || inIndex > inChalCont->numChallenges
- || inPrivKey == NULL){
+ if (inChalCont == NULL || inIndex < 0 || inIndex > inChalCont->numChallenges ||
+ inPrivKey == NULL) {
return SECFailure;
}
@@ -114,21 +112,21 @@ CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
if (decryptedRand == NULL) {
goto loser;
}
- rv = PK11_PrivDecryptPKCS1(inPrivKey, decryptedRand->data,
- &decryptedRand->len, decryptedRand->len,
- challenge->challenge.data, challenge->challenge.len);
+ rv = PK11_PrivDecryptPKCS1(inPrivKey, decryptedRand->data,
+ &decryptedRand->len, decryptedRand->len,
+ challenge->challenge.data, challenge->challenge.len);
if (rv != SECSuccess) {
goto loser;
}
rv = SEC_ASN1DecodeItem(poolp, &randStr, CMMFRandTemplate,
- decryptedRand);
+ decryptedRand);
if (rv != SECSuccess) {
goto loser;
}
rv = SECFailure; /* Just so that when we do go to loser,
- * I won't have to set it again.
- */
+ * I won't have to set it again.
+ */
owf = cmmf_get_owf(inChalCont, inIndex);
if (owf == NULL) {
/* No hashing algorithm came with the challenges. Can't verify */
@@ -138,7 +136,7 @@ CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
tag = SECOID_FindOIDTag(&owf->algorithm);
hashItem.len = HASH_ResultLenByOidTag(tag);
if (!hashItem.len)
- goto loser; /* error code has been set */
+ goto loser; /* error code has been set */
rv = PK11_HashBuf(tag, hash, randStr.integer.data, randStr.integer.len);
if (rv != SECSuccess) {
@@ -147,46 +145,45 @@ CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
hashItem.data = hash;
if (SECITEM_CompareItem(&hashItem, &challenge->witness) != SECEqual) {
/* The hash for the data we decrypted doesn't match the hash provided
- * in the challenge. Bail out.
- */
- PORT_SetError(SEC_ERROR_BAD_DATA);
+ * in the challenge. Bail out.
+ */
+ PORT_SetError(SEC_ERROR_BAD_DATA);
rv = SECFailure;
- goto loser;
+ goto loser;
}
- rv = PK11_HashBuf(tag, hash, challenge->senderDER.data,
- challenge->senderDER.len);
+ rv = PK11_HashBuf(tag, hash, challenge->senderDER.data,
+ challenge->senderDER.len);
if (rv != SECSuccess) {
goto loser;
}
if (SECITEM_CompareItem(&hashItem, &randStr.senderHash) != SECEqual) {
/* The hash for the data we decrypted doesn't match the hash provided
- * in the challenge. Bail out.
- */
- PORT_SetError(SEC_ERROR_BAD_DATA);
+ * in the challenge. Bail out.
+ */
+ PORT_SetError(SEC_ERROR_BAD_DATA);
rv = SECFailure;
- goto loser;
+ goto loser;
}
/* All of the hashes have verified, so we can now store the integer away.*/
rv = SECITEM_CopyItem(inChalCont->poolp, &challenge->randomNumber,
- &randStr.integer);
- loser:
+ &randStr.integer);
+loser:
if (poolp) {
- PORT_FreeArena(poolp, PR_FALSE);
+ PORT_FreeArena(poolp, PR_FALSE);
}
return rv;
}
SECStatus
-CMMF_POPODecKeyChallContentGetRandomNumber
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex,
- long *inDest)
+CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChallCont,
+ int inIndex,
+ long *inDest)
{
CMMFChallenge *challenge;
-
+
PORT_Assert(inKeyChallCont != NULL);
- if (inKeyChallCont == NULL || inIndex > 0 || inIndex >=
- inKeyChallCont->numChallenges) {
+ if (inKeyChallCont == NULL || inIndex > 0 || inIndex >=
+ inKeyChallCont->numChallenges) {
return SECFailure;
}
challenge = inKeyChallCont->challenges[inIndex];
@@ -198,16 +195,16 @@ CMMF_POPODecKeyChallContentGetRandomNumber
return (*inDest == -1) ? SECFailure : SECSuccess;
}
-SECStatus
-CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
- int inNumRand,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
+SECStatus
+CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
+ int inNumRand,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg)
{
PLArenaPool *poolp;
CMMFPOPODecKeyRespContent *response;
SECItem *currItem;
- SECStatus rv=SECFailure;
+ SECStatus rv = SECFailure;
int i;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
@@ -218,23 +215,23 @@ CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
if (response == NULL) {
goto loser;
}
- response->responses = PORT_ArenaZNewArray(poolp, SECItem*, inNumRand+1);
+ response->responses = PORT_ArenaZNewArray(poolp, SECItem *, inNumRand + 1);
if (response->responses == NULL) {
goto loser;
}
- for (i=0; i<inNumRand; i++) {
- currItem = response->responses[i] = PORT_ArenaZNew(poolp,SECItem);
- if (currItem == NULL) {
- goto loser;
- }
- currItem = SEC_ASN1EncodeInteger(poolp, currItem, inDecodedRand[i]);
- if (currItem == NULL) {
- goto loser;
- }
+ for (i = 0; i < inNumRand; i++) {
+ currItem = response->responses[i] = PORT_ArenaZNew(poolp, SECItem);
+ if (currItem == NULL) {
+ goto loser;
+ }
+ currItem = SEC_ASN1EncodeInteger(poolp, currItem, inDecodedRand[i]);
+ if (currItem == NULL) {
+ goto loser;
+ }
}
rv = cmmf_user_encode(response, inCallback, inArg,
- CMMFPOPODecKeyRespContentTemplate);
- loser:
+ CMMFPOPODecKeyRespContentTemplate);
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
diff --git a/lib/crmf/cmmf.h b/lib/crmf/cmmf.h
index b5b29a697..1e39a8d2d 100644
--- a/lib/crmf/cmmf.h
+++ b/lib/crmf/cmmf.h
@@ -6,7 +6,7 @@
#ifndef _CMMF_H_
#define _CMMF_H_
/*
- * These are the functions exported by the security library for
+ * These are the functions exported by the security library for
* implementing Certificate Management Message Formats (CMMF).
*
* This API is designed against July 1998 CMMF draft. Please read this
@@ -25,20 +25,20 @@ SEC_BEGIN_PROTOS
* INPUTS:
* NONE
* NOTES:
- * This function will create an empty CMMFCertRepContent Structure.
+ * This function will create an empty CMMFCertRepContent Structure.
* The client of the library must set the CMMFCertResponses.
* Call CMMF_CertRepContentSetCertResponse to accomplish this task.
- * If the client of the library also wants to include the chain of
- * CA certs required to make the certificates in CMMFCertResponse valid,
+ * If the client of the library also wants to include the chain of
+ * CA certs required to make the certificates in CMMFCertResponse valid,
* then the user must also set the caPubs field of CMMFCertRepContent.
* Call CMMF_CertRepContentSetCAPubs to accomplish this. After setting
- * the desired fields, the user can then call CMMF_EncodeCertRepContent
+ * the desired fields, the user can then call CMMF_EncodeCertRepContent
* to DER-encode the CertRepContent.
* RETURN:
- * A pointer to the CMMFCertRepContent. A NULL return value indicates
+ * A pointer to the CMMFCertRepContent. A NULL return value indicates
* an error in allocating memory or failure to initialize the structure.
*/
-extern CMMFCertRepContent* CMMF_CreateCertRepContent(void);
+extern CMMFCertRepContent *CMMF_CreateCertRepContent(void);
/*
* FUNCTION: CMMF_CreateCertRepContentFromDER
@@ -46,24 +46,24 @@ extern CMMFCertRepContent* CMMF_CreateCertRepContent(void);
* db
* The certificate database where the certificates will be placed.
* The certificates will be placed in the temporary database associated
- * with the handle.
+ * with the handle.
* buf
* A buffer to the DER-encoded CMMFCertRepContent
* len
* The length in bytes of the buffer 'buf'
* NOTES:
* This function passes the buffer to the ASN1 decoder and creates a
- * CMMFCertRepContent structure. The user must call
+ * CMMFCertRepContent structure. The user must call
* CMMF_DestroyCertRepContent after the return value is no longer needed.
*
* RETURN:
* A pointer to the CMMFCertRepContent structure. A NULL return
* value indicates the library was unable to parse the DER.
*/
-extern CMMFCertRepContent*
- CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db,
- const char *buf,
- long len);
+extern CMMFCertRepContent *
+CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db,
+ const char *buf,
+ long len);
/*
* FUNCTION: CMMF_CreateCertResponse
@@ -73,17 +73,17 @@ extern CMMFCertRepContent*
* NOTES:
* This creates a CMMFCertResponse. This response should correspond
* to a request that was received via CRMF. From the CRMF message you
- * can get the Request Id to pass in as inCertReqId, in essence binding
+ * can get the Request Id to pass in as inCertReqId, in essence binding
* a CMRFCertRequest message to the CMMFCertResponse created by this
* function. If no requuest id is associated with the response to create
* then the user should pass in -1 for 'inCertReqId'.
*
* RETURN:
- * A pointer to the new CMMFCertResponse corresponding to the request id
- * passed in. A NULL return value indicates an error while trying to
+ * A pointer to the new CMMFCertResponse corresponding to the request id
+ * passed in. A NULL return value indicates an error while trying to
* create the CMMFCertResponse.
*/
-extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId);
+extern CMMFCertResponse *CMMF_CreateCertResponse(long inCertReqId);
/*
* FUNCTION: CMMF_CreateKeyRecRepContent
@@ -91,7 +91,7 @@ extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId);
* NONE
* NOTES:
* This function creates a new empty CMMFKeyRecRepContent structure.
- * At the very minimum, the user must call
+ * At the very minimum, the user must call
* CMMF_KeyRecRepContentSetPKIStatusInfoStatus field to have an
* encodable structure. Depending on what the response is, the user may
* have to set other fields as well to properly build up the structure so
@@ -111,26 +111,26 @@ extern CMMFKeyRecRepContent *CMMF_CreateKeyRecRepContent(void);
* FUNCTION: CMMF_CreateKeyRecRepContentFromDER
* INPUTS:
* db
- * The handle for the certificate database where the decoded
+ * The handle for the certificate database where the decoded
* certificates will be placed. The decoded certificates will
- * be placed in the temporary database associated with the
+ * be placed in the temporary database associated with the
* handle.
* buf
* A buffer contatining the DER-encoded CMMFKeyRecRepContent
* len
* The length in bytes of the buffer 'buf'
* NOTES
- * This function passes the buffer to the ASN1 decoder and creates a
+ * This function passes the buffer to the ASN1 decoder and creates a
* CMMFKeyRecRepContent structure.
*
* RETURN:
* A pointer to the CMMFKeyRecRepContent structure. A NULL return
* value indicates the library was unable to parse the DER.
*/
-extern CMMFKeyRecRepContent*
- CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db,
- const char *buf,
- long len);
+extern CMMFKeyRecRepContent *
+CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db,
+ const char *buf,
+ long len);
/*
* FUNCTION: CMMF_CreatePOPODecKeyChallContent
@@ -139,18 +139,18 @@ extern CMMFKeyRecRepContent*
* NOTES:
* This function creates an empty CMMFPOPODecKeyChallContent. The user
* must add the challenges individually specifying the random number to
- * be used and the public key to be used when creating each individual
- * challenge. User can accomplish this by calling the function
+ * be used and the public key to be used when creating each individual
+ * challenge. User can accomplish this by calling the function
* CMMF_POPODecKeyChallContentSetNextChallenge.
* RETURN:
* A pointer to a CMMFPOPODecKeyChallContent structure. Ther user can
* then call CMMF_EncodePOPODecKeyChallContent passing in the return
- * value from this function after setting all of the challenges. A
- * return value of NULL indicates an error while creating the
+ * value from this function after setting all of the challenges. A
+ * return value of NULL indicates an error while creating the
* CMMFPOPODecKeyChallContent structure.
*/
-extern CMMFPOPODecKeyChallContent*
- CMMF_CreatePOPODecKeyChallContent(void);
+extern CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContent(void);
/*
* FUNCTION: CMMF_CreatePOPODecKeyChallContentFromDER
@@ -161,14 +161,14 @@ extern CMMFPOPODecKeyChallContent*
* The length in bytes of the buffer 'buf'
* NOTES:
* This function passes the buffer to the ASN1 decoder and creates a
- * CMMFPOPODecKeyChallContent structure.
+ * CMMFPOPODecKeyChallContent structure.
*
* RETURN:
* A pointer to the CMMFPOPODecKeyChallContent structure. A NULL return
* value indicates the library was unable to parse the DER.
*/
-extern CMMFPOPODecKeyChallContent*
- CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len);
+extern CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len);
/*
* FUNCTION: CMMF_CreatePOPODecKeyRespContentFromDER
@@ -178,15 +178,15 @@ extern CMMFPOPODecKeyChallContent*
* len
* The length in bytes of the buffer 'buf'
* NOTES
- * This function passes the buffer to the ASN1 decoder and creates a
+ * This function passes the buffer to the ASN1 decoder and creates a
* CMMFPOPODecKeyRespContent structure.
*
* RETURN:
* A pointer to the CMMFPOPODecKeyRespContent structure. A NULL return
* value indicates the library was unable to parse the DER.
*/
-extern CMMFPOPODecKeyRespContent*
- CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len);
+extern CMMFPOPODecKeyRespContent *
+CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len);
/************************** Set Functions *************************/
@@ -196,16 +196,16 @@ extern CMMFPOPODecKeyRespContent*
* inCertRepContent
* The CMMFCertRepContent to operate on.
* inCertResponses
- * An array of pointers to CMMFCertResponse structures to
+ * An array of pointers to CMMFCertResponse structures to
* add to the CMMFCertRepContent structure.
* inNumResponses
* The length of the array 'inCertResponses'
* NOTES:
- * This function will add the CMMFCertResponse structure to the
- * CMMFCertRepContent passed in. The CMMFCertResponse field of
+ * This function will add the CMMFCertResponse structure to the
+ * CMMFCertRepContent passed in. The CMMFCertResponse field of
* CMMFCertRepContent is required, so the client must call this function
- * before calling CMMF_EncodeCertRepContent. If the user calls
- * CMMF_EncodeCertRepContent before calling this function,
+ * before calling CMMF_EncodeCertRepContent. If the user calls
+ * CMMF_EncodeCertRepContent before calling this function,
* CMMF_EncodeCertRepContent will fail.
*
* RETURN:
@@ -213,10 +213,10 @@ extern CMMFPOPODecKeyRespContent*
* structure was successful. Any other return value indicates an error
* while trying to add the CMMFCertResponses.
*/
-extern SECStatus
- CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
- CMMFCertResponse **inCertResponses,
- int inNumResponses);
+extern SECStatus
+CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
+ CMMFCertResponse **inCertResponses,
+ int inNumResponses);
/*
* FUNCTION: CMMF_CertRepContentSetCAPubs
@@ -228,19 +228,19 @@ extern SECStatus
* required to make the issued cert valid.
* NOTES:
* This function will set the the certificates in the CA chain as part
- * of the CMMFCertRepContent. This field is an optional member of the
+ * of the CMMFCertRepContent. This field is an optional member of the
* CMMFCertRepContent structure, so the client is not required to call
* this function before calling CMMF_EncodeCertRepContent.
*
* RETURN:
* SECSuccess if adding the 'inCAPubs' to the CERTRepContent was successful.
- * Any other return value indicates an error while adding 'inCAPubs' to the
+ * Any other return value indicates an error while adding 'inCAPubs' to the
* CMMFCertRepContent structure.
- *
+ *
*/
-extern SECStatus
- CMMF_CertRepContentSetCAPubs (CMMFCertRepContent *inCertRepContent,
- CERTCertList *inCAPubs);
+extern SECStatus
+CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
+ CERTCertList *inCAPubs);
/*
* FUNCTION: CMMF_CertResponseSetPKIStatusInfoStatus
@@ -250,7 +250,7 @@ extern SECStatus
* inPKIStatus
* The value to set for the PKIStatusInfo.status field.
* NOTES:
- * This function will set the CertResponse.status.status field of
+ * This function will set the CertResponse.status.status field of
* the CMMFCertResponse structure. (View the definition of CertResponse
* in the CMMF draft to see exactly which value this talks about.) This
* field is a required member of the structure, so the user must call this
@@ -260,9 +260,9 @@ extern SECStatus
* SECSuccess if setting the field with the passed in value was successful.
* Any other return value indicates an error while trying to set the field.
*/
-extern SECStatus
- CMMF_CertResponseSetPKIStatusInfoStatus (CMMFCertResponse *inCertResp,
- CMMFPKIStatus inPKIStatus);
+extern SECStatus
+CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp,
+ CMMFPKIStatus inPKIStatus);
/*
* FUNCTION: CMMF_CertResponseSetCertificate
@@ -270,7 +270,7 @@ extern SECStatus
* inCertResp
* The CMMFCertResponse to operate on.
* inCertificate
- * The certificate to add to the
+ * The certificate to add to the
* CertResponse.CertifiedKeyPair.certOrEncCert.certificate field.
* NOTES:
* This function will take the certificate and make it a member of the
@@ -282,13 +282,13 @@ extern SECStatus
* Any other return value indicates an error in adding the certificate to
* the CertResponse.
*/
-extern SECStatus
- CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp,
- CERTCertificate *inCertificate);
+extern SECStatus
+CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
+ CERTCertificate *inCertificate);
/*
* FUNCTION: CMMF_KeyRecRepContentSetPKIStatusInfoStatus
- * INPUTS:
+ * INPUTS:
* inKeyRecRep
* The CMMFKeyRecRepContent to operate on.
* inPKIStatus
@@ -296,17 +296,17 @@ extern SECStatus
* NOTES:
* This function sets the only required field for the KeyRecRepContent.
* In most cases, the user will set this field and other fields of the
- * structure to properly create the CMMFKeyRecRepContent structure.
+ * structure to properly create the CMMFKeyRecRepContent structure.
* Refer to the CMMF draft to see which fields need to be set in order
* to create the desired CMMFKeyRecRepContent.
- *
+ *
* RETURN:
* SECSuccess if setting the PKIStatusInfo.status field was successful.
* Any other return value indicates an error in setting the field.
*/
-extern SECStatus
+extern SECStatus
CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
- CMMFPKIStatus inPKIStatus);
+ CMMFPKIStatus inPKIStatus);
/*
* FUNCTION: CMMF_KeyRecRepContentSetNewSignCert
@@ -320,13 +320,13 @@ CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
* structure.
*
* RETURN:
- * SECSuccess if setting the new signing cert was successful. Any other
+ * SECSuccess if setting the new signing cert was successful. Any other
* return value indicates an error occurred while trying to add the
* new signing certificate.
*/
-extern SECStatus
- CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inNewSignCert);
+extern SECStatus
+CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
+ CERTCertificate *inNewSignCert);
/*
* FUNCTION: CMMF_KeyRecRepContentSetCACerts
@@ -334,21 +334,21 @@ extern SECStatus
* inKeyRecRep
* The CMMFKeyRecRepContent to operate on.
* inCACerts
- * The list of CA certificates required to construct a valid
+ * The list of CA certificates required to construct a valid
* certificate chain with the certificates that will be returned
* to the end user via this KeyRecRepContent.
* NOTES:
* This function sets the caCerts that are required to form a chain with the
- * end entity certificates that are being re-issued in this
+ * end entity certificates that are being re-issued in this
* CMMFKeyRecRepContent structure.
*
* RETURN:
* SECSuccess if adding the caCerts was successful. Any other return value
* indicates an error while tring to add the caCerts.
*/
-extern SECStatus
- CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertList *inCACerts);
+extern SECStatus
+CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
+ CERTCertList *inCACerts);
/*
* FUNCTION: CMMF_KeyRecRepContentSetCertifiedKeyPair
@@ -362,21 +362,21 @@ extern SECStatus
* inPubKey
* The public key to use for wrapping the private key.
* NOTES:
- * This function adds another certificate-key pair to the
- * CMMFKeyRecRepcontent structure. There may be more than one
- * certificate-key pair in the structure, so the user must call this
+ * This function adds another certificate-key pair to the
+ * CMMFKeyRecRepcontent structure. There may be more than one
+ * certificate-key pair in the structure, so the user must call this
* function multiple times to add more than one cert-key pair.
*
* RETURN:
* SECSuccess if adding the certified key pair was successful. Any other
- * return value indicates an error in adding certified key pair to
+ * return value indicates an error in adding certified key pair to
* CMMFKeyRecRepContent structure.
*/
-extern SECStatus
- CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inCert,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey);
+extern SECStatus
+CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
+ CERTCertificate *inCert,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey);
/*
* FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
@@ -392,15 +392,15 @@ extern SECStatus
* passwdArg
* This value will be passed to the function used for getting a
* password. The password for getting a password should be registered
- * by calling PK11_SetPasswordFunc before this function is called.
- * If no password callback is registered and the library needs to
+ * by calling PK11_SetPasswordFunc before this function is called.
+ * If no password callback is registered and the library needs to
* authenticate to the slot for any reason, this function will fail.
* NOTES:
* This function adds a challenge to the end of the list of challenges
* contained by 'inDecKeyChall'. Refer to the CMMF draft on how the
* the random number passed in and the sender's GeneralName are used
* to generate the challenge and witness fields of the challenge. This
- * library will use SHA1 as the one-way function for generating the
+ * library will use SHA1 as the one-way function for generating the
* witess field of the challenge.
*
* RETURN:
@@ -409,13 +409,11 @@ extern SECStatus
* while trying to generate the challenge.
*/
extern SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey,
- void *passwdArg);
-
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+ long inRandom,
+ CERTGeneralName *inSender,
+ SECKEYPublicKey *inPubKey,
+ void *passwdArg);
/************************** Encoding Functions *************************/
@@ -425,30 +423,30 @@ CMMF_POPODecKeyChallContentSetNextChallenge
* inCertRepContent
* The CMMFCertRepContent to DER-encode.
* inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
* CRMFEncoderOutputCallback in crmft.h for a description of the
* parameters to the function.
* inArg
* An opaque pointer to a user-supplied argument that will be passed
* to the callback funtion whenever the function is called.
* NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
* library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
* The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
* output of each successive call to the callback in order to get the
* entire DER-encoded CMMFCertRepContent structure.
*
* RETURN:
- * SECSuccess if encoding the CMMFCertRepContent was successful. Any
+ * SECSuccess if encoding the CMMFCertRepContent was successful. Any
* other return value indicates an error while decoding the structure.
*/
-extern SECStatus
- CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+extern SECStatus
+CMMF_EncodeCertRepContent(CMMFCertRepContent *inCertRepContent,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
/*
* FUNCTION: CMMF_EncodeKeyRecRepContent
@@ -456,30 +454,30 @@ extern SECStatus
* inKeyRecRep
* The CMMFKeyRepContent to DER-encode.
* inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
* CRMFEncoderOutputCallback in crmft.h for a description of the
* parameters to the function.
* inArg
* An opaque pointer to a user-supplied argument that will be passed
* to the callback funtion whenever the function is called.
* NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
* library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
* The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
* output of each successive call to the callback in order to get the
* entire DER-encoded CMMFCertRepContent structure.
*
* RETURN:
- * SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any
+ * SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any
* other return value indicates an error while decoding the structure.
*/
extern SECStatus
- CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
/*
* FUNCTION: CMMF_EncodePOPODecKeyChallContent
@@ -487,19 +485,19 @@ extern SECStatus
* inDecKeyChall
* The CMMFDecKeyChallContent to operate on.
* inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
* CRMFEncoderOutputCallback in crmft.h for a description of the
* parameters to the function.
* inArg
* An opaque pointer to a user-supplied argument that will be passed
* to the callback function whenever the function is called.
* NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
* library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
* The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
* output of each successive call to the callback in order to get the
* entire DER-encoded CMMFCertRepContent structure.
* The DER will be an encoding of the type POPODecKeyChallContents, which
@@ -509,34 +507,34 @@ extern SECStatus
* SECSuccess if encoding was successful. Any other return value indicates
* an error in trying to encode the Challenges.
*/
-extern SECStatus
+extern SECStatus
CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
/*
* FUNCTION: CMMF_EncodePOPODecKeyRespContent
* INPUTS:
* inDecodedRand
- * An array of integers to encode as the responses to
+ * An array of integers to encode as the responses to
* CMMFPOPODecKeyChallContent. The integers must be in the same order
* as the challenges extracted from CMMFPOPODecKeyChallContent.
* inNumRand
* The number of random integers contained in the array 'inDecodedRand'
* inCallback
- * A callback function that the ASN1 encoder will call whenever it
- * wants to write out DER-encoded bytes. Look at the defintion of
+ * A callback function that the ASN1 encoder will call whenever it
+ * wants to write out DER-encoded bytes. Look at the defintion of
* CRMFEncoderOutputCallback in crmft.h for a description of the
* parameters to the function.
* inArg
* An opaque pointer to a user-supplied argument that will be passed
* to the callback funtion whenever the function is called.
* NOTES:
- * The CMMF library will use the same DER-encoding scheme as the CRMF
+ * The CMMF library will use the same DER-encoding scheme as the CRMF
* library. In other words, when reading CRMF comments that pertain to
- * encoding, those comments apply to the CMMF libray as well.
+ * encoding, those comments apply to the CMMF libray as well.
* The callback function will be called multiple times, each time supplying
- * the next chunk of DER-encoded bytes. The user must concatenate the
+ * the next chunk of DER-encoded bytes. The user must concatenate the
* output of each successive call to the callback in order to get the
* entire DER-encoded POPODecKeyRespContent.
*
@@ -544,11 +542,11 @@ CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
* SECSuccess if encoding was successful. Any other return value indicates
* an error in trying to encode the Challenges.
*/
-extern SECStatus
- CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
- int inNumRand,
- CRMFEncoderOutputCallback inCallback,
- void *inArg);
+extern SECStatus
+CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
+ int inNumRand,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg);
/*************** Accessor function ***********************************/
@@ -560,27 +558,26 @@ extern SECStatus
* NOTES:
* This function will return a copy of the list of certificates that
* make up the chain of CA's required to make the cert issued valid.
- * The user must call CERT_DestroyCertList on the return value when
- * done using the return value.
+ * The user must call CERT_DestroyCertList on the return value when
+ * done using the return value.
*
* Only call this function on a CertRepContent that has been decoded.
* The client must call CERT_DestroyCertList when the certificate list
- * is no longer needed.
+ * is no longer needed.
*
* The certs in the list will not be in the temporary database. In order
* to make these certificates a part of the permanent CA internal database,
- * the user must collect the der for all of these certs and call
+ * the user must collect the der for all of these certs and call
* CERT_ImportCAChain. Afterwards the certs will be part of the permanent
* database.
- *
+ *
* RETURN:
- * A pointer to the CERTCertList representing the CA chain associated
+ * A pointer to the CERTCertList representing the CA chain associated
* with the issued cert. A NULL return value indicates that no CA Pubs
- * were available in the CMMFCertRepContent structure.
+ * were available in the CMMFCertRepContent structure.
*/
-extern CERTCertList*
- CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent);
-
+extern CERTCertList *
+CMMF_CertRepContentGetCAPubs(CMMFCertRepContent *inCertRepContent);
/*
* FUNCTION: CMMF_CertRepContentGetNumResponses
@@ -590,12 +587,12 @@ extern CERTCertList*
* NOTES:
* This function will return the number of CertResponses that are contained
* by the CMMFCertRepContent passed in.
- *
+ *
* RETURN:
* The number of CMMFCertResponses contained in the structure passed in.
*/
-extern int
- CMMF_CertRepContentGetNumResponses (CMMFCertRepContent *inCertRepContent);
+extern int
+CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent);
/*
* FUNCTION: CMMF_CertRepContentGetResponseAtIndex
@@ -605,20 +602,20 @@ extern int
* inIndex
* The index of the CMMFCertResponse the user wants a copy of.
* NOTES:
- * This function creates a copy of the CMMFCertResponse at the index
+ * This function creates a copy of the CMMFCertResponse at the index
* corresponding to the parameter 'inIndex'. Indexing is done like a
* traditional C array, ie the valid indexes are (0...numResponses-1).
- * The user must call CMMF_DestroyCertResponse after the return value is
+ * The user must call CMMF_DestroyCertResponse after the return value is
* no longer needed.
*
* RETURN:
- * A pointer to the CMMFCertResponse at the index corresponding to
- * 'inIndex'. A return value of NULL indicates an error in copying
+ * A pointer to the CMMFCertResponse at the index corresponding to
+ * 'inIndex'. A return value of NULL indicates an error in copying
* the CMMFCertResponse.
*/
-extern CMMFCertResponse*
-CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent,
- int inIndex);
+extern CMMFCertResponse *
+CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
+ int inIndex);
/*
* FUNCTION: CMMF_CertResponseGetCertReqId
@@ -626,11 +623,11 @@ CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent,
* inCertResp
* The CMMFCertResponse to operate on.
* NOTES:
- * This function returns the CertResponse.certReqId from the
+ * This function returns the CertResponse.certReqId from the
* CMMFCertResponse structure passed in. If the return value is -1, that
* means there is no associated certificate request with the CertResponse.
* RETURN:
- * A long representing the id of the certificate request this
+ * A long representing the id of the certificate request this
* CMMFCertResponse corresponds to. A return value of -1 indicates an
* error in extracting the value of the integer.
*/
@@ -642,7 +639,7 @@ extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
* inCertResp
* The CMMFCertResponse to operate on.
* NOTES:
- * This function returns the CertResponse.status.status field of the
+ * This function returns the CertResponse.status.status field of the
* CMMFCertResponse structure.
*
* RETURN:
@@ -650,8 +647,8 @@ extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
* draft. See the CMMF draft for the definition of PKIStatus. See crmft.h
* for the definition of CMMFPKIStatus.
*/
-extern CMMFPKIStatus
- CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
+extern CMMFPKIStatus
+CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
/*
* FUNCTION: CMMF_CertResponseGetCertificate
@@ -664,18 +661,18 @@ extern CMMFPKIStatus
* NOTES:
* This function retrieves the CertResponse.certifiedKeyPair.certificate
* from the CMMFCertResponse. The user will get a copy of that certificate
- * so the user must call CERT_DestroyCertificate when the return value is
- * no longer needed. The certificate returned will be in the temporary
+ * so the user must call CERT_DestroyCertificate when the return value is
+ * no longer needed. The certificate returned will be in the temporary
* certificate database.
*
* RETURN:
- * A pointer to a copy of the certificate contained within the
+ * A pointer to a copy of the certificate contained within the
* CMMFCertResponse. A return value of NULL indicates an error while trying
* to make a copy of the certificate.
*/
-extern CERTCertificate*
- CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
- CERTCertDBHandle *inCertdb);
+extern CERTCertificate *
+CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
+ CERTCertDBHandle *inCertdb);
/*
* FUNCTION: CMMF_KeyRecRepContentGetPKIStatusInfoStatus
@@ -683,13 +680,13 @@ extern CERTCertificate*
* inKeyRecRep
* The CMMFKeyRecRepContent structure to operate on.
* NOTES:
- * This function retrieves the KeyRecRepContent.status.status field of
+ * This function retrieves the KeyRecRepContent.status.status field of
* the CMMFKeyRecRepContent structure.
* RETURN:
- * The CMMFPKIStatus corresponding to the value held in the
+ * The CMMFPKIStatus corresponding to the value held in the
* CMMFKeyRecRepContent structure.
*/
-extern CMMFPKIStatus
+extern CMMFPKIStatus
CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
/*
@@ -699,15 +696,15 @@ CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
* The CMMFKeyRecRepContent to operate on.
* NOTES:
* This function retrieves the KeyRecRepContent.newSignCert field of the
- * CMMFKeyRecRepContent structure. The user must call
+ * CMMFKeyRecRepContent structure. The user must call
* CERT_DestroyCertificate when the return value is no longer needed. The
- * returned certificate will be in the temporary database. The user
+ * returned certificate will be in the temporary database. The user
* must then place the certificate permanently in whatever token the
* user determines is the proper destination. A return value of NULL
* indicates the newSigCert field was not present.
*/
-extern CERTCertificate*
- CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
+extern CERTCertificate *
+CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
/*
* FUNCTION: CMMF_KeyRecRepContentGetCACerts
@@ -715,22 +712,22 @@ extern CERTCertificate*
* inKeyRecRep
* The CMMFKeyRecRepContent to operate on.
* NOTES:
- * This function returns a CERTCertList which contains all of the
+ * This function returns a CERTCertList which contains all of the
* certficates that are in the sequence KeyRecRepContent.caCerts
- * User must call CERT_DestroyCertList when the return value is no longer
+ * User must call CERT_DestroyCertList when the return value is no longer
* needed. All of these certificates will be placed in the tempoaray
* database.
*
* RETURN:
* A pointer to the list of caCerts contained in the CMMFKeyRecRepContent
- * structure. A return value of NULL indicates the library was not able to
+ * structure. A return value of NULL indicates the library was not able to
* make a copy of the certifcates. This may be because there are no caCerts
* included in the CMMFKeyRecRepContent strucure or an internal error. Call
- * CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
+ * CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
* included in 'inKeyRecRep'.
*/
-extern CERTCertList*
- CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
+extern CERTCertList *
+CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
/*
* FUNCTION: CMMF_KeyRecRepContentGetNumKeyPairs
@@ -741,8 +738,8 @@ extern CERTCertList*
* This function returns the number of CMMFCertifiedKeyPair structures that
* that are stored in the KeyRecRepContent structure.
*/
-extern int
- CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
+extern int
+CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
/*
* FUNCTION: CMMF_KeyRecRepContentGetCertKeyAtIndex
@@ -753,17 +750,17 @@ extern int
* The index of the desired CMMFCertifiedKeyPair
* NOTES:
* This function retrieves the CMMFCertifiedKeyPair structure at the index
- * 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call
+ * 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call
* CMMF_DestroyCertifiedKeyPair when the return value is no longer needed.
*
* RETURN:
* A pointer to the Certified Key Pair at the desired index. A return value
- * of NULL indicates an error in extracting the Certified Key Pair at the
+ * of NULL indicates an error in extracting the Certified Key Pair at the
* desired index.
*/
-extern CMMFCertifiedKeyPair*
- CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex);
+extern CMMFCertifiedKeyPair *
+CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
+ int inIndex);
/*
* FUNCTION: CMMF_CertifiedKeyPairGetCertificate
@@ -774,21 +771,21 @@ extern CMMFCertifiedKeyPair*
* The database handle for the database you want this certificate
* to wind up in.
* NOTES:
- * This function retrieves the certificate at
+ * This function retrieves the certificate at
* CertifiedKeyPair.certOrEncCert.certificate
* The user must call CERT_DestroyCertificate when the return value is no
* longer needed. The user must import this certificate as a token object
* onto PKCS#11 slot in order to make it a permanent object. The returned
* certificate will be in the temporary database.
- *
+ *
* RETURN:
* A pointer to the certificate contained within the certified key pair.
- * A return value of NULL indicates an error in creating the copy of the
+ * A return value of NULL indicates an error in creating the copy of the
* certificate.
*/
-extern CERTCertificate*
- CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
- CERTCertDBHandle *inCertdb);
+extern CERTCertificate *
+CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
+ CERTCertDBHandle *inCertdb);
/*
* FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
@@ -796,11 +793,10 @@ extern CERTCertificate*
* inKeyChallCont
* The CMMFPOPODecKeyChallContent to operate on.
* RETURN:
- * This function returns the number of CMMFChallenges are contained in
+ * This function returns the number of CMMFChallenges are contained in
* the CMMFPOPODecKeyChallContent structure.
*/
-extern int CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont);
+extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont);
/*
* FUNCTION: CMMF_POPODecKeyChallContentGetPublicValue
@@ -816,14 +812,12 @@ extern int CMMF_POPODecKeyChallContentGetNumChallenges
* This function retrieves the public value stored away in the Challenge at
* index inIndex of inKeyChallCont.
* RETURN:
- * A pointer to a SECItem containing the public value. User must call
+ * A pointer to a SECItem containing the public value. User must call
* SECITEM_FreeItem on the return value when the value is no longer necessary.
* A return value of NULL indicates an error while retrieving the public value.
*/
-extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex);
-
+extern SECItem *CMMF_POPODecKeyChallContentGetPublicValue(CMMFPOPODecKeyChallContent *inKeyChallCont,
+ int inIndex);
/*
* FUNCTION: CMMF_POPODecKeyChallContentGetRandomNumber
@@ -839,9 +833,9 @@ extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
* challenge.
* NOTES:
* This function returns the value held in the decrypted Rand structure
- * corresponding to the random integer. The user must call
- * CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call
- * CMMF_ChallengeIsDecrypted to find out if the challenge has been
+ * corresponding to the random integer. The user must call
+ * CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call
+ * CMMF_ChallengeIsDecrypted to find out if the challenge has been
* decrypted.
*
* RETURN:
@@ -850,10 +844,9 @@ extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
* Any other return value indicates an error and that the value at *inDest
* is not a valid value.
*/
-extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber
- (CMMFPOPODecKeyChallContent *inKeyChallCont,
- int inIndex,
- long *inDest);
+extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChallCont,
+ int inIndex,
+ long *inDest);
/*
* FUNCTION: CMMF_POPODecKeyRespContentGetNumResponses
@@ -863,8 +856,8 @@ extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber
* RETURN:
* This function returns the number of responses contained in inRespContent.
*/
-extern int
- CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
+extern int
+CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
/*
* FUNCTION: CMMF_POPODecKeyRespContentGetResponse
@@ -876,22 +869,22 @@ extern int
* The Nth response is at index N-1, ie the 1st response is at index 0,
* the 2nd response is at index 1, and so on.
* inDest
- * A pointer to a pre-allocated buffer where the library can put the
+ * A pointer to a pre-allocated buffer where the library can put the
* value of the response located at inIndex.
* NOTES:
- * The function returns the response contained at index inIndex.
- * CMMFPOPODecKeyRespContent is a structure that the server will generally
+ * The function returns the response contained at index inIndex.
+ * CMMFPOPODecKeyRespContent is a structure that the server will generally
* get in response to a CMMFPOPODecKeyChallContent. The server will expect
- * to see the responses in the same order as it constructed them in
+ * to see the responses in the same order as it constructed them in
* the CMMFPOPODecKeyChallContent structure.
* RETURN:
* SECSuccess if getting the response at the desired index was successful. Any
* other return value indicates an errror.
*/
extern SECStatus
- CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont,
- int inIndex,
- long *inDest);
+CMMF_POPODecKeyRespContentGetResponse(CMMFPOPODecKeyRespContent *inRespCont,
+ int inIndex,
+ long *inDest);
/************************* Destructor Functions ******************************/
@@ -918,12 +911,12 @@ extern SECStatus CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp);
* This function frees the memory associated with the CMMFCertRepContent
* passed in.
* RETURN:
- * SECSuccess if freeing all the memory associated with the
- * CMMFCertRepContent passed in is successful. Any other return value
+ * SECSuccess if freeing all the memory associated with the
+ * CMMFCertRepContent passed in is successful. Any other return value
* indicates an error while freeing the memory.
*/
-extern SECStatus
- CMMF_DestroyCertRepContent (CMMFCertRepContent *inCertRepContent);
+extern SECStatus
+CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent);
/*
* FUNCTION: CMMF_DestroyKeyRecRepContent
@@ -931,22 +924,22 @@ extern SECStatus
* inKeyRecRep
* The CMMFKeyRecRepContent to destroy.
* NOTES:
- * This function destroys all the memory associated with the
+ * This function destroys all the memory associated with the
* CMMFKeyRecRepContent passed in.
*
* RETURN:
- * SECSuccess if freeing all the memory is successful. Any other return
+ * SECSuccess if freeing all the memory is successful. Any other return
* value indicates an error in freeing the memory.
*/
-extern SECStatus
- CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
+extern SECStatus
+CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
/*
* FUNCTION: CMMF_DestroyCertifiedKeyPair
* INPUTS:
* inCertKeyPair
* The CMMFCertifiedKeyPair to operate on.
- * NOTES:
+ * NOTES:
* This function frees up all the memory associated with 'inCertKeyPair'
*
* RETURN:
@@ -954,8 +947,8 @@ extern SECStatus
* is successful. Any other return value indicates an error while trying
* to free the memory.
*/
-extern SECStatus
- CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
+extern SECStatus
+CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
/*
* FUNCTION: CMMF_DestroyPOPODecKeyRespContent
@@ -963,7 +956,7 @@ extern SECStatus
* inDecKeyResp
* The CMMFPOPODecKeyRespContent structure to free.
* NOTES:
- * This function frees up all the memory associate with the
+ * This function frees up all the memory associate with the
* CMMFPOPODecKeyRespContent.
*
* RETURN:
@@ -972,11 +965,10 @@ extern SECStatus
* return value indicates an error while freeing the memory.
*/
extern SECStatus
- CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
-
+CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
/************************** Miscellaneous Functions *************************/
-
+
/*
* FUNCTION: CMMF_CertifiedKeyPairUnwrapPrivKey
* INPUTS:
@@ -997,25 +989,25 @@ extern SECStatus
* wincx
* An opaque pointer that the library will use in a callback function
* to get the password if necessary.
- *
+ *
* NOTES:
* This function uses the private key passed in to unwrap the private key
- * contained within the CMMFCertifiedKeyPair structure. After this
+ * contained within the CMMFCertifiedKeyPair structure. After this
* function successfully returns, the private key has been unwrapped and
- * placed in the specified slot.
+ * placed in the specified slot.
*
* RETURN:
- * SECSuccess if unwrapping the private key was successful. Any other
+ * SECSuccess if unwrapping the private key was successful. Any other
* return value indicates an error while trying to un-wrap the private key.
*/
-extern SECStatus
- CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
- SECKEYPrivateKey *inPrivKey,
- SECItem *inNickName,
- PK11SlotInfo *inSlot,
- CERTCertDBHandle *inCertdb,
- SECKEYPrivateKey **destPrivKey,
- void *wincx);
+extern SECStatus
+CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
+ SECKEYPrivateKey *inPrivKey,
+ SECItem *inNickName,
+ PK11SlotInfo *inSlot,
+ CERTCertDBHandle *inCertdb,
+ SECKEYPrivateKey **destPrivKey,
+ void *wincx);
/*
* FUNCTION: CMMF_KeyRecRepContentHasCACerts
@@ -1023,13 +1015,13 @@ extern SECStatus
* inKeyRecRecp
* The CMMFKeyRecRepContent to operate on.
* RETURN:
- * This function returns PR_TRUE if there are one or more certificates in
+ * This function returns PR_TRUE if there are one or more certificates in
* the sequence KeyRecRepContent.caCerts within the CMMFKeyRecRepContent
* structure. The function will return PR_FALSE if there are 0 certificate
* in the above mentioned sequence.
*/
-extern PRBool
- CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
+extern PRBool
+CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
/*
* FUNCTION: CMMF_POPODecKeyChallContDecryptChallenge
@@ -1043,12 +1035,12 @@ extern PRBool
* The private key to use to decrypt the witness field.
* NOTES:
* This function uses the private key to decrypt the challenge field
- * contained in the appropriate challenge. Make sure the private key matches
- * the public key that was used to encrypt the witness. Use
+ * contained in the appropriate challenge. Make sure the private key matches
+ * the public key that was used to encrypt the witness. Use
* CMMF_POPODecKeyChallContentGetPublicValue to get the public value of
* the key used to encrypt the witness and then use that to determine the
* appropriate private key. This can be done by calling PK11_MakeIDFromPubKey
- * and then passing that return value to PK11_FindKeyByKeyID. The creator of
+ * and then passing that return value to PK11_FindKeyByKeyID. The creator of
* the challenge will most likely be an RA that has the public key
* from a Cert request. So the private key should be the private key
* associated with public key in that request. This function will also
@@ -1057,17 +1049,17 @@ extern PRBool
*
* RETURN:
* SECSuccess if decrypting the witness field was successful. This does
- * not indicate that the decrypted data is valid, since the private key
- * passed in may not be the actual key needed to properly decrypt the
+ * not indicate that the decrypted data is valid, since the private key
+ * passed in may not be the actual key needed to properly decrypt the
* witness field. Meaning that there is a decrypted structure now, but
* may be garbage because the private key was incorrect.
* Any other return value indicates the function could not complete the
* decryption process.
*/
-extern SECStatus
- CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
- int inIndex,
- SECKEYPrivateKey *inPrivKey);
+extern SECStatus
+CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
+ int inIndex,
+ SECKEYPrivateKey *inPrivKey);
/*
* FUNCTION: CMMF_DestroyPOPODecKeyChallContent
@@ -1075,16 +1067,16 @@ extern SECStatus
* inDecKeyCont
* The CMMFPOPODecKeyChallContent to free
* NOTES:
- * This function frees up all the memory associated with the
- * CMMFPOPODecKeyChallContent
+ * This function frees up all the memory associated with the
+ * CMMFPOPODecKeyChallContent
* RETURN:
- * SECSuccess if freeing up all the memory associatd with the
+ * SECSuccess if freeing up all the memory associatd with the
* CMMFPOPODecKeyChallContent is successful. Any other return value
* indicates an error while freeing the memory.
*
*/
-extern SECStatus
- CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont);
+extern SECStatus
+CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont);
SEC_END_PROTOS
#endif /* _CMMF_H_ */
diff --git a/lib/crmf/cmmfasn1.c b/lib/crmf/cmmfasn1.c
index 711d4ab15..64915b339 100644
--- a/lib/crmf/cmmfasn1.c
+++ b/lib/crmf/cmmfasn1.c
@@ -11,50 +11,50 @@
SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)
static const SEC_ASN1Template CMMFSequenceOfCertifiedKeyPairsTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, 0, CMMFCertifiedKeyPairTemplate}
+ { SEC_ASN1_SEQUENCE_OF, 0, CMMFCertifiedKeyPairTemplate }
};
static const SEC_ASN1Template CMMFKeyRecRepContentTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFKeyRecRepContent)},
- { SEC_ASN1_INLINE, offsetof(CMMFKeyRecRepContent, status),
- CMMFPKIStatusInfoTemplate},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
- SEC_ASN1_XTRN | 0,
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFKeyRecRepContent) },
+ { SEC_ASN1_INLINE, offsetof(CMMFKeyRecRepContent, status),
+ CMMFPKIStatusInfoTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+ SEC_ASN1_XTRN | 0,
offsetof(CMMFKeyRecRepContent, newSigCert),
- SEC_ASN1_SUB(SEC_SignedCertificateTemplate)},
+ SEC_ASN1_SUB(SEC_SignedCertificateTemplate) },
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(CMMFKeyRecRepContent, caCerts),
- CMMFSequenceOfCertsTemplate},
+ CMMFSequenceOfCertsTemplate },
{ SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
offsetof(CMMFKeyRecRepContent, keyPairHist),
- CMMFSequenceOfCertifiedKeyPairsTemplate},
+ CMMFSequenceOfCertifiedKeyPairsTemplate },
{ 0 }
};
SECStatus
-CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
+CMMF_EncodeCertRepContent(CMMFCertRepContent *inCertRepContent,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg)
{
return cmmf_user_encode(inCertRepContent, inCallback, inArg,
- CMMFCertRepContentTemplate);
+ CMMFCertRepContentTemplate);
}
SECStatus
CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg)
{
return cmmf_user_encode(inDecKeyChall, inCallback, inArg,
- CMMFPOPODecKeyChallContentTemplate);
+ CMMFPOPODecKeyChallContentTemplate);
}
-CMMFPOPODecKeyRespContent*
+CMMFPOPODecKeyRespContent *
CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CMMFPOPODecKeyRespContent *decKeyResp;
- SECStatus rv;
+ SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
@@ -66,13 +66,13 @@ CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
}
decKeyResp->poolp = poolp;
rv = SEC_ASN1Decode(poolp, decKeyResp, CMMFPOPODecKeyRespContentTemplate,
- buf, len);
+ buf, len);
if (rv != SECSuccess) {
goto loser;
}
return decKeyResp;
-
- loser:
+
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
@@ -80,21 +80,21 @@ CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
}
SECStatus
-CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
- CRMFEncoderOutputCallback inCallback,
- void *inArg)
+CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
+ CRMFEncoderOutputCallback inCallback,
+ void *inArg)
{
return cmmf_user_encode(inKeyRecRep, inCallback, inArg,
- CMMFKeyRecRepContentTemplate);
+ CMMFKeyRecRepContentTemplate);
}
-CMMFKeyRecRepContent*
-CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf,
- long len)
+CMMFKeyRecRepContent *
+CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf,
+ long len)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CMMFKeyRecRepContent *keyRecContent;
- SECStatus rv;
+ SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
@@ -106,27 +106,26 @@ CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf,
}
keyRecContent->poolp = poolp;
rv = SEC_ASN1Decode(poolp, keyRecContent, CMMFKeyRecRepContentTemplate,
- buf, len);
+ buf, len);
if (rv != SECSuccess) {
goto loser;
}
if (keyRecContent->keyPairHist != NULL) {
- while(keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) {
- rv = cmmf_decode_process_certified_key_pair(poolp, db,
- keyRecContent->keyPairHist[keyRecContent->numKeyPairs]);
- if (rv != SECSuccess) {
- goto loser;
- }
- keyRecContent->numKeyPairs++;
- }
- keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs;
+ while (keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) {
+ rv = cmmf_decode_process_certified_key_pair(poolp, db,
+ keyRecContent->keyPairHist[keyRecContent->numKeyPairs]);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ keyRecContent->numKeyPairs++;
+ }
+ keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs;
}
keyRecContent->isDecoded = PR_TRUE;
return keyRecContent;
- loser:
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
-
diff --git a/lib/crmf/cmmfchal.c b/lib/crmf/cmmfchal.c
index bf0b7ba37..b2d33b9d7 100644
--- a/lib/crmf/cmmfchal.c
+++ b/lib/crmf/cmmfchal.c
@@ -14,51 +14,50 @@
#include "keyhi.h"
static int
-cmmf_create_witness_and_challenge(PLArenaPool *poolp,
- CMMFChallenge *challenge,
- long inRandom,
- SECItem *senderDER,
- SECKEYPublicKey *inPubKey,
- void *passwdArg)
+cmmf_create_witness_and_challenge(PLArenaPool *poolp,
+ CMMFChallenge *challenge,
+ long inRandom,
+ SECItem *senderDER,
+ SECKEYPublicKey *inPubKey,
+ void *passwdArg)
{
- SECItem *encodedRandNum;
- SECItem encodedRandStr = {siBuffer, NULL, 0};
- SECItem *dummy;
- unsigned char *randHash, *senderHash, *encChal=NULL;
- unsigned modulusLen = 0;
- SECStatus rv = SECFailure;
- CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}};
- PK11SlotInfo *slot;
- PK11SymKey *symKey = NULL;
+ SECItem *encodedRandNum;
+ SECItem encodedRandStr = { siBuffer, NULL, 0 };
+ SECItem *dummy;
+ unsigned char *randHash, *senderHash, *encChal = NULL;
+ unsigned modulusLen = 0;
+ SECStatus rv = SECFailure;
+ CMMFRand randStr = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
+ PK11SlotInfo *slot;
+ PK11SymKey *symKey = NULL;
CERTSubjectPublicKeyInfo *spki = NULL;
-
encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
- inRandom);
+ inRandom);
encodedRandNum = &challenge->randomNumber;
- randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
+ randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
if (randHash == NULL) {
goto loser;
}
- rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data,
- (PRUint32)encodedRandNum->len);
+ rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data,
+ (PRUint32)encodedRandNum->len);
if (rv != SECSuccess) {
goto loser;
}
rv = PK11_HashBuf(SEC_OID_SHA1, senderHash, senderDER->data,
- (PRUint32)senderDER->len);
+ (PRUint32)senderDER->len);
if (rv != SECSuccess) {
goto loser;
}
challenge->witness.data = randHash;
- challenge->witness.len = SHA1_LENGTH;
+ challenge->witness.len = SHA1_LENGTH;
- randStr.integer = *encodedRandNum;
+ randStr.integer = *encodedRandNum;
randStr.senderHash.data = senderHash;
- randStr.senderHash.len = SHA1_LENGTH;
- dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr,
- CMMFRandTemplate);
+ randStr.senderHash.len = SHA1_LENGTH;
+ dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr,
+ CMMFRandTemplate);
if (dummy != &encodedRandStr) {
rv = SECFailure;
goto loser;
@@ -70,7 +69,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp,
rv = SECFailure;
goto loser;
}
- slot =PK11_GetBestSlotWithAttributes(CKM_RSA_PKCS, CKF_WRAP, 0, passwdArg);
+ slot = PK11_GetBestSlotWithAttributes(CKM_RSA_PKCS, CKF_WRAP, 0, passwdArg);
if (slot == NULL) {
rv = SECFailure;
goto loser;
@@ -83,23 +82,23 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp,
* the PK11 libraries depend on.
*/
symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated,
- CKA_VALUE, &encodedRandStr, passwdArg);
+ CKA_VALUE, &encodedRandStr, passwdArg);
if (symKey == NULL) {
rv = SECFailure;
- goto loser;
+ goto loser;
}
challenge->challenge.data = encChal;
- challenge->challenge.len = modulusLen;
- rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey,
- &challenge->challenge);
+ challenge->challenge.len = modulusLen;
+ rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey,
+ &challenge->challenge);
PK11_FreeSlot(slot);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SECITEM_CopyItem(poolp, &challenge->senderDER, senderDER);
crmf_get_public_value(inPubKey, &challenge->key);
/* Fall through */
- loser:
+loser:
if (spki != NULL) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
@@ -116,17 +115,17 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp,
}
static SECStatus
-cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent,
- long inRandom,
- SECItem *senderDER,
- SECKEYPublicKey *inPubKey,
- void *passwdArg)
+cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent,
+ long inRandom,
+ SECItem *senderDER,
+ SECKEYPublicKey *inPubKey,
+ void *passwdArg)
{
- SECOidData *oidData;
- CMMFChallenge *challenge;
+ SECOidData *oidData;
+ CMMFChallenge *challenge;
SECAlgorithmID *algId;
- PLArenaPool *poolp;
- SECStatus rv;
+ PLArenaPool *poolp;
+ SECStatus rv;
oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
if (oidData == NULL) {
@@ -145,15 +144,15 @@ cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent,
if (rv != SECSuccess) {
return SECFailure;
}
- rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom,
- senderDER, inPubKey, passwdArg);
+ rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom,
+ senderDER, inPubKey, passwdArg);
challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
challContent->numChallenges++;
- return rv ;
+ return rv;
}
-CMMFPOPODecKeyChallContent*
-CMMF_CreatePOPODecKeyChallContent (void)
+CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContent(void)
{
PLArenaPool *poolp;
CMMFPOPODecKeyChallContent *challContent;
@@ -165,32 +164,31 @@ CMMF_CreatePOPODecKeyChallContent (void)
challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
if (challContent == NULL) {
PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
+ return NULL;
}
challContent->poolp = poolp;
return challContent;
}
SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey,
- void *passwdArg)
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+ long inRandom,
+ CERTGeneralName *inSender,
+ SECKEYPublicKey *inPubKey,
+ void *passwdArg)
{
- CMMFChallenge *curChallenge;
- PLArenaPool *genNamePool = NULL, *poolp;
- SECStatus rv;
- SECItem *genNameDER;
- void *mark;
+ CMMFChallenge *curChallenge;
+ PLArenaPool *genNamePool = NULL, *poolp;
+ SECStatus rv;
+ SECItem *genNameDER;
+ void *mark;
- PORT_Assert (inDecKeyChall != NULL &&
- inSender != NULL &&
- inPubKey != NULL);
+ PORT_Assert(inDecKeyChall != NULL &&
+ inSender != NULL &&
+ inPubKey != NULL);
- if (inDecKeyChall == NULL ||
- inSender == NULL || inPubKey == NULL) {
+ if (inDecKeyChall == NULL ||
+ inSender == NULL || inPubKey == NULL) {
return SECFailure;
}
poolp = inDecKeyChall->poolp;
@@ -204,8 +202,8 @@ CMMF_POPODecKeyChallContentSetNextChallenge
}
if (inDecKeyChall->challenges == NULL) {
inDecKeyChall->challenges =
- PORT_ArenaZNewArray(poolp, CMMFChallenge*,(CMMF_MAX_CHALLENGES+1));
- inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES;
+ PORT_ArenaZNewArray(poolp, CMMFChallenge *, (CMMF_MAX_CHALLENGES + 1));
+ inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES;
}
if (inDecKeyChall->numChallenges >= inDecKeyChall->numAllocated) {
@@ -214,22 +212,23 @@ CMMF_POPODecKeyChallContentSetNextChallenge
}
if (inDecKeyChall->numChallenges == 0) {
- rv = cmmf_create_first_challenge(inDecKeyChall, inRandom,
- genNameDER, inPubKey, passwdArg);
- } else {
+ rv = cmmf_create_first_challenge(inDecKeyChall, inRandom,
+ genNameDER, inPubKey, passwdArg);
+ }
+ else {
curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge);
- if (curChallenge == NULL) {
- rv = SECFailure;
- goto loser;
- }
- rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom,
- genNameDER, inPubKey,
- passwdArg);
- if (rv == SECSuccess) {
- inDecKeyChall->challenges[inDecKeyChall->numChallenges] =
- curChallenge;
- inDecKeyChall->numChallenges++;
- }
+ if (curChallenge == NULL) {
+ rv = SECFailure;
+ goto loser;
+ }
+ rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom,
+ genNameDER, inPubKey,
+ passwdArg);
+ if (rv == SECSuccess) {
+ inDecKeyChall->challenges[inDecKeyChall->numChallenges] =
+ curChallenge;
+ inDecKeyChall->numChallenges++;
+ }
}
if (rv != SECSuccess) {
goto loser;
@@ -238,7 +237,7 @@ CMMF_POPODecKeyChallContentSetNextChallenge
PORT_FreeArena(genNamePool, PR_FALSE);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
if (genNamePool != NULL) {
PORT_FreeArena(genNamePool, PR_FALSE);
@@ -257,7 +256,7 @@ CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp)
return SECSuccess;
}
-int
+int
CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont)
{
int numResponses = 0;
@@ -268,20 +267,20 @@ CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont)
}
while (inRespCont->responses[numResponses] != NULL) {
- numResponses ++;
+ numResponses++;
}
return numResponses;
}
SECStatus
-CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont,
- int inIndex,
- long *inDest)
+CMMF_POPODecKeyRespContentGetResponse(CMMFPOPODecKeyRespContent *inRespCont,
+ int inIndex,
+ long *inDest)
{
PORT_Assert(inRespCont != NULL);
-
- if (inRespCont == NULL || inIndex < 0 ||
- inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) {
+
+ if (inRespCont == NULL || inIndex < 0 ||
+ inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) {
return SECFailure;
}
*inDest = DER_GetInteger(inRespCont->responses[inIndex]);
diff --git a/lib/crmf/cmmfi.h b/lib/crmf/cmmfi.h
index bfe3cb02b..9336ccfc2 100644
--- a/lib/crmf/cmmfi.h
+++ b/lib/crmf/cmmfi.h
@@ -14,7 +14,7 @@
#include "crmfi.h"
#define CMMF_MAX_CHALLENGES 10
-#define CMMF_MAX_KEY_PAIRS 50
+#define CMMF_MAX_KEY_PAIRS 50
/*
* Some templates that the code will need to implement CMMF.
@@ -27,72 +27,66 @@ extern const SEC_ASN1Template CMMFSequenceOfCertsTemplate[];
extern const SEC_ASN1Template CMMFPKIStatusInfoTemplate[];
extern const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[];
-
/*
- * Some utility functions that are shared by multiple files in this
+ * Some utility functions that are shared by multiple files in this
* implementation.
*/
-extern SECStatus cmmf_CopyCertResponse (PLArenaPool *poolp,
- CMMFCertResponse *dest,
- CMMFCertResponse *src);
+extern SECStatus cmmf_CopyCertResponse(PLArenaPool *poolp,
+ CMMFCertResponse *dest,
+ CMMFCertResponse *src);
-extern SECStatus cmmf_CopyPKIStatusInfo (PLArenaPool *poolp,
- CMMFPKIStatusInfo *dest,
- CMMFPKIStatusInfo *src);
+extern SECStatus cmmf_CopyPKIStatusInfo(PLArenaPool *poolp,
+ CMMFPKIStatusInfo *dest,
+ CMMFPKIStatusInfo *src);
-extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp,
- CMMFCertifiedKeyPair *dest,
- CMMFCertifiedKeyPair *src);
+extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp,
+ CMMFCertifiedKeyPair *dest,
+ CMMFCertifiedKeyPair *src);
-extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info,
- PRBool freeit);
+extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info,
+ PRBool freeit);
-extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert,
- PRBool freeit);
+extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert,
+ PRBool freeit);
-extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
- PLArenaPool *poolp,
- CMMFPKIStatus inStatus);
+extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
+ PLArenaPool *poolp,
+ CMMFPKIStatus inStatus);
-extern SECStatus cmmf_ExtractCertsFromList(CERTCertList *inCertList,
- PLArenaPool *poolp,
- CERTCertificate ***certArray);
+extern SECStatus cmmf_ExtractCertsFromList(CERTCertList *inCertList,
+ PLArenaPool *poolp,
+ CERTCertificate ***certArray);
-extern SECStatus
- cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
- PLArenaPool *poolp,
- CERTCertificate *inCert);
+extern SECStatus
+cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
+ PLArenaPool *poolp,
+ CERTCertificate *inCert);
-extern CMMFPKIStatus
- cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus);
+extern CMMFPKIStatus
+cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus);
-extern CERTCertList*
- cmmf_MakeCertList(CERTCertificate **inCerts);
+extern CERTCertList *
+cmmf_MakeCertList(CERTCertificate **inCerts);
-extern CERTCertificate*
+extern CERTCertificate *
cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
- CERTCertDBHandle *certdb);
+ CERTCertDBHandle *certdb);
extern SECStatus
-cmmf_decode_process_cert_response(PLArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertResponse *inCertResp);
+cmmf_decode_process_cert_response(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertResponse *inCertResp);
extern SECStatus
-cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
- CERTCertDBHandle *db,
- CMMFCertifiedKeyPair *inCertKeyPair);
+cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertifiedKeyPair *inCertKeyPair);
extern SECStatus
cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
- const SEC_ASN1Template *inTemplate);
+ const SEC_ASN1Template *inTemplate);
extern SECStatus
-cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src);
+cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src);
#endif /*_CMMFI_H_*/
-
-
-
-
-
diff --git a/lib/crmf/cmmfit.h b/lib/crmf/cmmfit.h
index 84f81c3d6..014413f07 100644
--- a/lib/crmf/cmmfit.h
+++ b/lib/crmf/cmmfit.h
@@ -14,23 +14,23 @@
* ------------- -------
* 0 granted- got exactly what you asked for.
*
- * 1 grantedWithMods-got something like what you asked
+ * 1 grantedWithMods-got something like what you asked
* for;requester is responsible for ascertainging the
* differences.
*
- * 2 rejection-you don't get what you asked for; more
+ * 2 rejection-you don't get what you asked for; more
* information elsewhere in the message
*
- * 3 waiting-the request body part has not yet been
+ * 3 waiting-the request body part has not yet been
* processed, expect to hear more later.
*
- * 4 revocationWarning-this message contains a warning
+ * 4 revocationWarning-this message contains a warning
* that a revocation is imminent.
*
- * 5 revocationNotification-notification that a
+ * 5 revocationNotification-notification that a
* revocation has occurred.
*
- * 6 keyUpdateWarning-update already done for the
+ * 6 keyUpdateWarning-update already done for the
* oldCertId specified in FullCertTemplate.
*/
@@ -41,76 +41,75 @@ struct CMMFPKIStatusInfoStr {
};
struct CMMFCertOrEncCertStr {
- union {
- CERTCertificate *certificate;
+ union {
+ CERTCertificate *certificate;
CRMFEncryptedValue *encryptedCert;
} cert;
CMMFCertOrEncCertChoice choice;
- SECItem derValue;
+ SECItem derValue;
};
struct CMMFCertifiedKeyPairStr {
- CMMFCertOrEncCert certOrEncCert;
+ CMMFCertOrEncCert certOrEncCert;
CRMFEncryptedValue *privateKey;
- SECItem derPublicationInfo; /* We aren't creating
- * PKIPublicationInfo's, so
- * we'll store away the der
- * here if we decode one that
- * does have pubInfo.
- */
+ SECItem derPublicationInfo; /* We aren't creating
+ * PKIPublicationInfo's, so
+ * we'll store away the der
+ * here if we decode one that
+ * does have pubInfo.
+ */
SECItem unwrappedPrivKey;
};
struct CMMFCertResponseStr {
- SECItem certReqId;
- CMMFPKIStatusInfo status; /*PKIStatusInfo*/
+ SECItem certReqId;
+ CMMFPKIStatusInfo status; /*PKIStatusInfo*/
CMMFCertifiedKeyPair *certifiedKeyPair;
};
struct CMMFCertRepContentStr {
- CERTCertificate **caPubs;
+ CERTCertificate **caPubs;
CMMFCertResponse **response;
- PLArenaPool *poolp;
- PRBool isDecoded;
+ PLArenaPool *poolp;
+ PRBool isDecoded;
};
struct CMMFChallengeStr {
- SECAlgorithmID *owf;
- SECItem witness;
- SECItem senderDER;
- SECItem key;
- SECItem challenge;
- SECItem randomNumber;
+ SECAlgorithmID *owf;
+ SECItem witness;
+ SECItem senderDER;
+ SECItem key;
+ SECItem challenge;
+ SECItem randomNumber;
};
struct CMMFRandStr {
- SECItem integer;
- SECItem senderHash;
+ SECItem integer;
+ SECItem senderHash;
CERTGeneralName *sender;
};
struct CMMFPOPODecKeyChallContentStr {
CMMFChallenge **challenges;
- PLArenaPool *poolp;
- int numChallenges;
- int numAllocated;
+ PLArenaPool *poolp;
+ int numChallenges;
+ int numAllocated;
};
struct CMMFPOPODecKeyRespContentStr {
- SECItem **responses;
- PLArenaPool *poolp;
+ SECItem **responses;
+ PLArenaPool *poolp;
};
struct CMMFKeyRecRepContentStr {
- CMMFPKIStatusInfo status; /* PKIStatusInfo */
- CERTCertificate *newSigCert;
- CERTCertificate **caCerts;
+ CMMFPKIStatusInfo status; /* PKIStatusInfo */
+ CERTCertificate *newSigCert;
+ CERTCertificate **caCerts;
CMMFCertifiedKeyPair **keyPairHist;
- PLArenaPool *poolp;
- int numKeyPairs;
- int allocKeyPairs;
- PRBool isDecoded;
+ PLArenaPool *poolp;
+ int numKeyPairs;
+ int allocKeyPairs;
+ PRBool isDecoded;
};
#endif /* _CMMFIT_H_ */
-
diff --git a/lib/crmf/cmmfrec.c b/lib/crmf/cmmfrec.c
index 880e846f0..068a0d84d 100644
--- a/lib/crmf/cmmfrec.c
+++ b/lib/crmf/cmmfrec.c
@@ -4,7 +4,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
- * This file will implement the functions related to key recovery in
+ * This file will implement the functions related to key recovery in
* CMMF
*/
@@ -13,10 +13,10 @@
#include "secitem.h"
#include "keyhi.h"
-CMMFKeyRecRepContent*
+CMMFKeyRecRepContent *
CMMF_CreateKeyRecRepContent(void)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CMMFKeyRecRepContent *keyRecContent;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
@@ -26,7 +26,7 @@ CMMF_CreateKeyRecRepContent(void)
keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
if (keyRecContent == NULL) {
PORT_FreeArena(poolp, PR_FALSE);
- return NULL;
+ return NULL;
}
keyRecContent->poolp = poolp;
return keyRecContent;
@@ -37,25 +37,24 @@ CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep)
{
PORT_Assert(inKeyRecRep != NULL);
if (inKeyRecRep != NULL && inKeyRecRep->poolp != NULL) {
- int i;
+ int i;
- if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert != NULL) {
- CERT_DestroyCertificate(inKeyRecRep->newSigCert);
- }
- if (inKeyRecRep->caCerts != NULL) {
- for (i=0; inKeyRecRep->caCerts[i] != NULL; i++) {
- CERT_DestroyCertificate(inKeyRecRep->caCerts[i]);
- }
- }
- if (inKeyRecRep->keyPairHist != NULL) {
- for (i=0; inKeyRecRep->keyPairHist[i] != NULL; i++) {
- if (inKeyRecRep->keyPairHist[i]->certOrEncCert.choice ==
- cmmfCertificate) {
- CERT_DestroyCertificate(inKeyRecRep->keyPairHist[i]->
- certOrEncCert.cert.certificate);
- }
- }
- }
+ if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert != NULL) {
+ CERT_DestroyCertificate(inKeyRecRep->newSigCert);
+ }
+ if (inKeyRecRep->caCerts != NULL) {
+ for (i = 0; inKeyRecRep->caCerts[i] != NULL; i++) {
+ CERT_DestroyCertificate(inKeyRecRep->caCerts[i]);
+ }
+ }
+ if (inKeyRecRep->keyPairHist != NULL) {
+ for (i = 0; inKeyRecRep->keyPairHist[i] != NULL; i++) {
+ if (inKeyRecRep->keyPairHist[i]->certOrEncCert.choice ==
+ cmmfCertificate) {
+ CERT_DestroyCertificate(inKeyRecRep->keyPairHist[i]->certOrEncCert.cert.certificate);
+ }
+ }
+ }
PORT_FreeArena(inKeyRecRep->poolp, PR_TRUE);
}
return SECSuccess;
@@ -63,52 +62,53 @@ CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep)
SECStatus
CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
- CMMFPKIStatus inPKIStatus)
+ CMMFPKIStatus inPKIStatus)
{
PORT_Assert(inKeyRecRep != NULL && inPKIStatus >= cmmfGranted &&
- inPKIStatus < cmmfNumPKIStatus);
+ inPKIStatus < cmmfNumPKIStatus);
if (inKeyRecRep == NULL) {
return SECFailure;
}
-
- return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status,
- inKeyRecRep->poolp,
- inPKIStatus);
+
+ return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status,
+ inKeyRecRep->poolp,
+ inPKIStatus);
}
SECStatus
CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inNewSignCert)
+ CERTCertificate *inNewSignCert)
{
- PORT_Assert (inKeyRecRep != NULL && inNewSignCert != NULL);
+ PORT_Assert(inKeyRecRep != NULL && inNewSignCert != NULL);
if (inKeyRecRep == NULL || inNewSignCert == NULL) {
return SECFailure;
}
if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert) {
- CERT_DestroyCertificate(inKeyRecRep->newSigCert);
+ CERT_DestroyCertificate(inKeyRecRep->newSigCert);
}
inKeyRecRep->isDecoded = PR_FALSE;
inKeyRecRep->newSigCert = CERT_DupCertificate(inNewSignCert);
- return (inKeyRecRep->newSigCert == NULL) ? SECFailure : SECSuccess;
+ return (inKeyRecRep->newSigCert == NULL) ? SECFailure : SECSuccess;
}
SECStatus
CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertList *inCACerts)
+ CERTCertList *inCACerts)
{
SECStatus rv;
void *mark;
- PORT_Assert (inKeyRecRep != NULL && inCACerts != NULL);
+ PORT_Assert(inKeyRecRep != NULL && inCACerts != NULL);
if (inKeyRecRep == NULL || inCACerts == NULL) {
return SECFailure;
}
mark = PORT_ArenaMark(inKeyRecRep->poolp);
rv = cmmf_ExtractCertsFromList(inCACerts, inKeyRecRep->poolp,
- &inKeyRecRep->caCerts);
+ &inKeyRecRep->caCerts);
if (rv != SECSuccess) {
PORT_ArenaRelease(inKeyRecRep->poolp, mark);
- } else {
+ }
+ else {
PORT_ArenaUnmark(inKeyRecRep->poolp, mark);
}
return rv;
@@ -116,49 +116,49 @@ CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
SECStatus
CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
- CERTCertificate *inCert,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey)
+ CERTCertificate *inCert,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey)
{
CMMFCertifiedKeyPair *keyPair;
- CRMFEncryptedValue *dummy;
- PLArenaPool *poolp;
- void *mark;
- SECStatus rv;
+ CRMFEncryptedValue *dummy;
+ PLArenaPool *poolp;
+ void *mark;
+ SECStatus rv;
- PORT_Assert (inKeyRecRep != NULL &&
- inCert != NULL &&
- inPrivKey != NULL &&
- inPubKey != NULL);
+ PORT_Assert(inKeyRecRep != NULL &&
+ inCert != NULL &&
+ inPrivKey != NULL &&
+ inPubKey != NULL);
if (inKeyRecRep == NULL ||
- inCert == NULL ||
- inPrivKey == NULL ||
- inPubKey == NULL) {
+ inCert == NULL ||
+ inPrivKey == NULL ||
+ inPubKey == NULL) {
return SECFailure;
}
poolp = inKeyRecRep->poolp;
mark = PORT_ArenaMark(poolp);
if (inKeyRecRep->keyPairHist == NULL) {
- inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp,
- CMMFCertifiedKeyPair*,
- (CMMF_MAX_KEY_PAIRS+1));
- if (inKeyRecRep->keyPairHist == NULL) {
- goto loser;
- }
- inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS;
- inKeyRecRep->numKeyPairs = 0;
+ inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp,
+ CMMFCertifiedKeyPair *,
+ (CMMF_MAX_KEY_PAIRS + 1));
+ if (inKeyRecRep->keyPairHist == NULL) {
+ goto loser;
+ }
+ inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS;
+ inKeyRecRep->numKeyPairs = 0;
}
if (inKeyRecRep->allocKeyPairs == inKeyRecRep->numKeyPairs) {
goto loser;
}
-
+
keyPair = PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
if (keyPair == NULL) {
goto loser;
}
rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert,
- poolp, inCert);
+ poolp, inCert);
if (rv != SECSuccess) {
goto loser;
}
@@ -166,12 +166,12 @@ CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
if (keyPair->privateKey == NULL) {
goto loser;
}
- dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey,
- keyPair->privateKey);
+ dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey,
+ keyPair->privateKey);
PORT_Assert(dummy == keyPair->privateKey);
if (dummy != keyPair->privateKey) {
crmf_destroy_encrypted_value(dummy, PR_TRUE);
- goto loser;
+ goto loser;
}
inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = keyPair;
inKeyRecRep->numKeyPairs++;
@@ -179,7 +179,7 @@ CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
@@ -194,12 +194,12 @@ CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep)
return cmmf_PKIStatusInfoGetStatus(&inKeyRecRep->status);
}
-CERTCertificate*
+CERTCertificate *
CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep)
{
PORT_Assert(inKeyRecRep != NULL);
- if (inKeyRecRep == NULL ||
- inKeyRecRep->newSigCert == NULL) {
+ if (inKeyRecRep == NULL ||
+ inKeyRecRep->newSigCert == NULL) {
return NULL;
}
/* newSigCert may not be a real certificate, it may be a hand decoded
@@ -208,12 +208,12 @@ CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep)
* portion so that we never wind up with a half formed CERTCertificate
* here. In this case the call would be to CERT_DupCertificate.
*/
- return CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- &inKeyRecRep->newSigCert->signatureWrap.data,
- NULL, PR_FALSE, PR_TRUE);
+ return CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ &inKeyRecRep->newSigCert->signatureWrap.data,
+ NULL, PR_FALSE, PR_TRUE);
}
-CERTCertList*
+CERTCertList *
CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep)
{
PORT_Assert(inKeyRecRep != NULL);
@@ -223,7 +223,7 @@ CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep)
return cmmf_MakeCertList(inKeyRecRep->caCerts);
}
-int
+int
CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep)
{
PORT_Assert(inKeyRecRep != NULL);
@@ -232,87 +232,86 @@ CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep)
PRBool
cmmf_KeyRecRepContentIsValidIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex)
+ int inIndex)
{
int numKeyPairs = CMMF_KeyRecRepContentGetNumKeyPairs(inKeyRecRep);
-
+
return (PRBool)(inIndex >= 0 && inIndex < numKeyPairs);
}
-CMMFCertifiedKeyPair*
+CMMFCertifiedKeyPair *
CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
- int inIndex)
+ int inIndex)
{
CMMFCertifiedKeyPair *newKeyPair;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inKeyRecRep != NULL &&
- cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex));
+ cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex));
if (inKeyRecRep == NULL ||
- !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) {
+ !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) {
return NULL;
}
newKeyPair = PORT_ZNew(CMMFCertifiedKeyPair);
if (newKeyPair == NULL) {
return NULL;
}
- rv = cmmf_CopyCertifiedKeyPair(NULL, newKeyPair,
- inKeyRecRep->keyPairHist[inIndex]);
+ rv = cmmf_CopyCertifiedKeyPair(NULL, newKeyPair,
+ inKeyRecRep->keyPairHist[inIndex]);
if (rv != SECSuccess) {
CMMF_DestroyCertifiedKeyPair(newKeyPair);
- newKeyPair = NULL;
+ newKeyPair = NULL;
}
return newKeyPair;
}
-SECStatus
+SECStatus
CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
- SECKEYPrivateKey *inPrivKey,
- SECItem *inNickName,
- PK11SlotInfo *inSlot,
- CERTCertDBHandle *inCertdb,
- SECKEYPrivateKey **destPrivKey,
- void *wincx)
+ SECKEYPrivateKey *inPrivKey,
+ SECItem *inNickName,
+ PK11SlotInfo *inSlot,
+ CERTCertDBHandle *inCertdb,
+ SECKEYPrivateKey **destPrivKey,
+ void *wincx)
{
CERTCertificate *cert;
- SECItem keyUsageValue = {siBuffer, NULL, 0};
+ SECItem keyUsageValue = { siBuffer, NULL, 0 };
unsigned char keyUsage = 0x0;
SECKEYPublicKey *pubKey;
SECStatus rv;
PORT_Assert(inKeyPair != NULL &&
- inPrivKey != NULL && inCertdb != NULL);
- if (inKeyPair == NULL ||
- inPrivKey == NULL ||
- inKeyPair->privateKey == NULL ||
- inCertdb == NULL) {
+ inPrivKey != NULL && inCertdb != NULL);
+ if (inKeyPair == NULL ||
+ inPrivKey == NULL ||
+ inKeyPair->privateKey == NULL ||
+ inCertdb == NULL) {
return SECFailure;
}
-
+
cert = CMMF_CertifiedKeyPairGetCertificate(inKeyPair, inCertdb);
CERT_FindKeyUsageExtension(cert, &keyUsageValue);
if (keyUsageValue.data != NULL) {
keyUsage = keyUsageValue.data[3];
- PORT_Free(keyUsageValue.data);
+ PORT_Free(keyUsageValue.data);
}
pubKey = CERT_ExtractPublicKey(cert);
rv = crmf_encrypted_value_unwrap_priv_key(NULL, inKeyPair->privateKey,
- inPrivKey, pubKey,
- inNickName, inSlot, keyUsage,
- destPrivKey, wincx);
+ inPrivKey, pubKey,
+ inNickName, inSlot, keyUsage,
+ destPrivKey, wincx);
SECKEY_DestroyPublicKey(pubKey);
CERT_DestroyCertificate(cert);
return rv;
}
-
-PRBool
+PRBool
CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep)
{
PORT_Assert(inKeyRecRep != NULL);
if (inKeyRecRep == NULL) {
return PR_FALSE;
}
- return (PRBool)(inKeyRecRep->caCerts != NULL &&
- inKeyRecRep->caCerts[0] != NULL);
+ return (PRBool)(inKeyRecRep->caCerts != NULL &&
+ inKeyRecRep->caCerts[0] != NULL);
}
diff --git a/lib/crmf/cmmfresp.c b/lib/crmf/cmmfresp.c
index 420bbe4db..1be8c47f3 100644
--- a/lib/crmf/cmmfresp.c
+++ b/lib/crmf/cmmfresp.c
@@ -4,7 +4,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
- * This file will contain all routines dealing with creating a
+ * This file will contain all routines dealing with creating a
* CMMFCertRepContent structure through Create/Set functions.
*/
@@ -15,11 +15,11 @@
#include "secitem.h"
#include "secder.h"
-CMMFCertRepContent*
+CMMFCertRepContent *
CMMF_CreateCertRepContent(void)
{
CMMFCertRepContent *retCertRep;
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
@@ -31,47 +31,49 @@ CMMF_CreateCertRepContent(void)
}
retCertRep->poolp = poolp;
return retCertRep;
- loser:
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
-SECStatus
+SECStatus
cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
- PLArenaPool *poolp,
- CERTCertificate *inCert)
+ PLArenaPool *poolp,
+ CERTCertificate *inCert)
{
- SECItem *derDest = NULL;
- SECStatus rv = SECFailure;
+ SECItem *derDest = NULL;
+ SECStatus rv = SECFailure;
if (inCert->derCert.data == NULL) {
- derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert,
- CMMFCertOrEncCertCertificateTemplate);
- if (derDest == NULL) {
- goto loser;
- }
- } else {
+ derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert,
+ CMMFCertOrEncCertCertificateTemplate);
+ if (derDest == NULL) {
+ goto loser;
+ }
+ }
+ else {
derDest = SECITEM_DupItem(&inCert->derCert);
- if (derDest == NULL) {
- goto loser;
- }
+ if (derDest == NULL) {
+ goto loser;
+ }
}
PORT_Assert(certOrEncCert->cert.certificate == NULL);
certOrEncCert->cert.certificate = CERT_DupCertificate(inCert);
certOrEncCert->choice = cmmfCertificate;
if (poolp != NULL) {
rv = SECITEM_CopyItem(poolp, &certOrEncCert->derValue, derDest);
- if (rv != SECSuccess) {
- goto loser;
- }
- } else {
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
+ else {
certOrEncCert->derValue = *derDest;
}
PORT_Free(derDest);
return SECSuccess;
- loser:
+loser:
if (derDest != NULL) {
SECITEM_FreeItem(derDest, PR_TRUE);
}
@@ -79,41 +81,41 @@ cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
}
SECStatus
-cmmf_ExtractCertsFromList(CERTCertList *inCertList,
- PLArenaPool *poolp,
- CERTCertificate ***certArray)
+cmmf_ExtractCertsFromList(CERTCertList *inCertList,
+ PLArenaPool *poolp,
+ CERTCertificate ***certArray)
{
- CERTCertificate **arrayLocalCopy;
- CERTCertListNode *node;
- int numNodes = 0, i;
+ CERTCertificate **arrayLocalCopy;
+ CERTCertListNode *node;
+ int numNodes = 0, i;
for (node = CERT_LIST_HEAD(inCertList); !CERT_LIST_END(node, inCertList);
- node = CERT_LIST_NEXT(node)) {
+ node = CERT_LIST_NEXT(node)) {
numNodes++;
}
arrayLocalCopy = *certArray = (poolp == NULL) ?
- PORT_NewArray(CERTCertificate*, (numNodes+1)) :
- PORT_ArenaNewArray(poolp, CERTCertificate*, (numNodes+1));
+ PORT_NewArray(CERTCertificate *, (numNodes + 1)) :
+ PORT_ArenaNewArray(poolp, CERTCertificate *, (numNodes + 1));
if (arrayLocalCopy == NULL) {
return SECFailure;
}
- for (node = CERT_LIST_HEAD(inCertList), i=0;
- !CERT_LIST_END(node, inCertList);
- node = CERT_LIST_NEXT(node), i++) {
+ for (node = CERT_LIST_HEAD(inCertList), i = 0;
+ !CERT_LIST_END(node, inCertList);
+ node = CERT_LIST_NEXT(node), i++) {
arrayLocalCopy[i] = CERT_DupCertificate(node->cert);
- if (arrayLocalCopy[i] == NULL) {
- int j;
-
- for (j=0; j<i; j++) {
- CERT_DestroyCertificate(arrayLocalCopy[j]);
- }
- if (poolp == NULL) {
- PORT_Free(arrayLocalCopy);
- }
- *certArray = NULL;
- return SECFailure;
- }
+ if (arrayLocalCopy[i] == NULL) {
+ int j;
+
+ for (j = 0; j < i; j++) {
+ CERT_DestroyCertificate(arrayLocalCopy[j]);
+ }
+ if (poolp == NULL) {
+ PORT_Free(arrayLocalCopy);
+ }
+ *certArray = NULL;
+ return SECFailure;
+ }
}
arrayLocalCopy[numNodes] = NULL;
return SECSuccess;
@@ -121,56 +123,56 @@ cmmf_ExtractCertsFromList(CERTCertList *inCertList,
SECStatus
CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
- CMMFCertResponse **inCertResponses,
- int inNumResponses)
+ CMMFCertResponse **inCertResponses,
+ int inNumResponses)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CMMFCertResponse **respArr, *newResp;
- void *mark;
- SECStatus rv;
- int i;
+ void *mark;
+ SECStatus rv;
+ int i;
- PORT_Assert (inCertRepContent != NULL &&
- inCertResponses != NULL &&
- inNumResponses > 0);
+ PORT_Assert(inCertRepContent != NULL &&
+ inCertResponses != NULL &&
+ inNumResponses > 0);
if (inCertRepContent == NULL ||
- inCertResponses == NULL ||
- inCertRepContent->response != NULL) {
+ inCertResponses == NULL ||
+ inCertRepContent->response != NULL) {
return SECFailure;
}
poolp = inCertRepContent->poolp;
mark = PORT_ArenaMark(poolp);
- respArr = inCertRepContent->response =
- PORT_ArenaZNewArray(poolp, CMMFCertResponse*, (inNumResponses+1));
+ respArr = inCertRepContent->response =
+ PORT_ArenaZNewArray(poolp, CMMFCertResponse *, (inNumResponses + 1));
if (respArr == NULL) {
goto loser;
}
- for (i=0; i<inNumResponses; i++) {
+ for (i = 0; i < inNumResponses; i++) {
newResp = PORT_ArenaZNew(poolp, CMMFCertResponse);
- if (newResp == NULL) {
- goto loser;
- }
+ if (newResp == NULL) {
+ goto loser;
+ }
rv = cmmf_CopyCertResponse(poolp, newResp, inCertResponses[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
- respArr[i] = newResp;
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ respArr[i] = newResp;
}
respArr[inNumResponses] = NULL;
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
-CMMFCertResponse*
+CMMFCertResponse *
CMMF_CreateCertResponse(long inCertReqId)
{
- SECItem *dummy;
+ SECItem *dummy;
CMMFCertResponse *newResp;
-
+
newResp = PORT_ZNew(CMMFCertResponse);
if (newResp == NULL) {
goto loser;
@@ -181,7 +183,7 @@ CMMF_CreateCertResponse(long inCertReqId)
}
return newResp;
- loser:
+loser:
if (newResp != NULL) {
CMMF_DestroyCertResponse(newResp);
}
@@ -190,69 +192,69 @@ CMMF_CreateCertResponse(long inCertReqId)
SECStatus
CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp,
- CMMFPKIStatus inPKIStatus)
+ CMMFPKIStatus inPKIStatus)
{
- PORT_Assert (inCertResp != NULL && inPKIStatus >= cmmfGranted
- && inPKIStatus < cmmfNumPKIStatus);
+ PORT_Assert(inCertResp != NULL && inPKIStatus >= cmmfGranted &&
+ inPKIStatus < cmmfNumPKIStatus);
- if (inCertResp == NULL) {
+ if (inCertResp == NULL) {
return SECFailure;
}
return cmmf_PKIStatusInfoSetStatus(&inCertResp->status, NULL,
- inPKIStatus);
+ inPKIStatus);
}
SECStatus
-CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp,
- CERTCertificate *inCertificate)
+CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
+ CERTCertificate *inCertificate)
{
CMMFCertifiedKeyPair *keyPair = NULL;
- SECStatus rv = SECFailure;
+ SECStatus rv = SECFailure;
PORT_Assert(inCertResp != NULL && inCertificate != NULL);
if (inCertResp == NULL || inCertificate == NULL) {
return SECFailure;
}
if (inCertResp->certifiedKeyPair == NULL) {
- keyPair = inCertResp->certifiedKeyPair =
- PORT_ZNew(CMMFCertifiedKeyPair);
- } else {
+ keyPair = inCertResp->certifiedKeyPair =
+ PORT_ZNew(CMMFCertifiedKeyPair);
+ }
+ else {
keyPair = inCertResp->certifiedKeyPair;
}
if (keyPair == NULL) {
goto loser;
}
rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert, NULL,
- inCertificate);
+ inCertificate);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
- loser:
+loser:
if (keyPair) {
if (keyPair->certOrEncCert.derValue.data) {
- PORT_Free(keyPair->certOrEncCert.derValue.data);
- }
- PORT_Free(keyPair);
+ PORT_Free(keyPair->certOrEncCert.derValue.data);
+ }
+ PORT_Free(keyPair);
}
return rv;
}
-
SECStatus
CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
- CERTCertList *inCAPubs)
+ CERTCertList *inCAPubs)
{
- PLArenaPool *poolp;
- void *mark;
- SECStatus rv;
+ PLArenaPool *poolp;
+ void *mark;
+ SECStatus rv;
PORT_Assert(inCertRepContent != NULL &&
- inCAPubs != NULL &&
- inCertRepContent->caPubs == NULL);
-
+ inCAPubs != NULL &&
+ inCertRepContent->caPubs == NULL);
+
if (inCertRepContent == NULL ||
- inCAPubs == NULL || inCertRepContent == NULL) {
+ inCAPubs == NULL || inCertRepContent == NULL) {
return SECFailure;
}
@@ -260,24 +262,25 @@ CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
mark = PORT_ArenaMark(poolp);
rv = cmmf_ExtractCertsFromList(inCAPubs, poolp,
- &inCertRepContent->caPubs);
+ &inCertRepContent->caPubs);
if (rv != SECSuccess) {
PORT_ArenaRelease(poolp, mark);
- } else {
+ }
+ else {
PORT_ArenaUnmark(poolp, mark);
}
return rv;
}
-CERTCertificate*
+CERTCertificate *
CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
- CERTCertDBHandle *inCertdb)
+ CERTCertDBHandle *inCertdb)
{
PORT_Assert(inCertKeyPair != NULL);
if (inCertKeyPair == NULL) {
return NULL;
}
return cmmf_CertOrEncCertGetCertificate(&inCertKeyPair->certOrEncCert,
- inCertdb);
+ inCertdb);
}
diff --git a/lib/crmf/cmmft.h b/lib/crmf/cmmft.h
index aea64b0f4..e39f19ed3 100644
--- a/lib/crmf/cmmft.h
+++ b/lib/crmf/cmmft.h
@@ -19,7 +19,7 @@ typedef enum {
} CMMFCertOrEncCertChoice;
/*
- * This is the enumeration and the corresponding values used to
+ * This is the enumeration and the corresponding values used to
* represent the CMMF type PKIStatus
*/
typedef enum {
@@ -51,19 +51,19 @@ typedef enum {
cmmfNoFailureInfo = 9
} CMMFPKIFailureInfo;
-typedef struct CMMFPKIStatusInfoStr CMMFPKIStatusInfo;
-typedef struct CMMFCertOrEncCertStr CMMFCertOrEncCert;
-typedef struct CMMFCertifiedKeyPairStr CMMFCertifiedKeyPair;
-typedef struct CMMFCertResponseStr CMMFCertResponse;
-typedef struct CMMFCertResponseSeqStr CMMFCertResponseSeq;
+typedef struct CMMFPKIStatusInfoStr CMMFPKIStatusInfo;
+typedef struct CMMFCertOrEncCertStr CMMFCertOrEncCert;
+typedef struct CMMFCertifiedKeyPairStr CMMFCertifiedKeyPair;
+typedef struct CMMFCertResponseStr CMMFCertResponse;
+typedef struct CMMFCertResponseSeqStr CMMFCertResponseSeq;
typedef struct CMMFPOPODecKeyChallContentStr CMMFPOPODecKeyChallContent;
-typedef struct CMMFChallengeStr CMMFChallenge;
-typedef struct CMMFRandStr CMMFRand;
-typedef struct CMMFPOPODecKeyRespContentStr CMMFPOPODecKeyRespContent;
-typedef struct CMMFKeyRecRepContentStr CMMFKeyRecRepContent;
-typedef struct CMMFCertRepContentStr CMMFCertRepContent;
+typedef struct CMMFChallengeStr CMMFChallenge;
+typedef struct CMMFRandStr CMMFRand;
+typedef struct CMMFPOPODecKeyRespContentStr CMMFPOPODecKeyRespContent;
+typedef struct CMMFKeyRecRepContentStr CMMFKeyRecRepContent;
+typedef struct CMMFCertRepContentStr CMMFCertRepContent;
-/* Export this so people can call SEC_ASN1EncodeItem instead of having to
+/* Export this so people can call SEC_ASN1EncodeItem instead of having to
* write callbacks that are passed in to the high level encode function
* for CMMFCertRepContent.
*/
diff --git a/lib/crmf/crmf.h b/lib/crmf/crmf.h
index 9f36c2884..c56e28913 100644
--- a/lib/crmf/crmf.h
+++ b/lib/crmf/crmf.h
@@ -3,7 +3,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#ifndef _CRMF_H_
#define _CRMF_H_
@@ -27,16 +26,16 @@ SEC_BEGIN_PROTOS
* An opaque pointer that gets passed to the function fn
* OUTPUT:
* The function fn will be called multiple times. Look at the
- * comments in crmft.h where the CRMFEncoderOutputCallback type is
+ * comments in crmft.h where the CRMFEncoderOutputCallback type is
* defined for information on proper behavior of the function fn.
* RETURN:
* SECSuccess if encoding was successful. Any other return value
* indicates an error occurred during encoding.
*/
-extern SECStatus
- CRMF_EncodeCertReqMsg (CRMFCertReqMsg *inCertReqMsg,
- CRMFEncoderOutputCallback fn,
- void *arg);
+extern SECStatus
+CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg,
+ CRMFEncoderOutputCallback fn,
+ void *arg);
/*
* FUNCTION: CRMF_EncoderCertRequest
@@ -49,17 +48,17 @@ extern SECStatus
* arg
* An opaque pointer that gets passed to the function fn.
* OUTPUT:
- * The function fn will be called, probably multiple times whenever
- * the ASN1 encoder wants to write out DER-encoded bytes. Look at the
+ * The function fn will be called, probably multiple times whenever
+ * the ASN1 encoder wants to write out DER-encoded bytes. Look at the
* comments in crmft.h where the CRMFEncoderOutputCallback type is
* defined for information on proper behavior of the function fn.
* RETURN:
- * SECSuccess if encoding was successful. Any other return value
+ * SECSuccess if encoding was successful. Any other return value
* indicates an error occurred during encoding.
*/
-extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq,
- CRMFEncoderOutputCallback fn,
- void *arg);
+extern SECStatus CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq,
+ CRMFEncoderOutputCallback fn,
+ void *arg);
/*
* FUNCTION: CRMF_EncodeCertReqMessages
* INPUTS:
@@ -77,25 +76,24 @@ extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq,
*
* NOTES:
* The parameter inCertReqMsgs needs to be an array with a NULL pointer
- * to signal the end of messages. An array in the form of
+ * to signal the end of messages. An array in the form of
* {m1, m2, m3, NULL, m4, ...} will only encode the messages m1, m2, and
* m3. All messages from m4 on will not be looked at by the library.
*
* OUTPUT:
- * The function fn will be called, probably multiple times. Look at the
+ * The function fn will be called, probably multiple times. Look at the
* comments in crmft.h where the CRMFEncoderOutputCallback type is
* defined for information on proper behavior of the function fn.
*
* RETURN:
- * SECSuccess if encoding the Certificate Request Messages was successful.
+ * SECSuccess if encoding the Certificate Request Messages was successful.
* Any other return value indicates an error occurred while encoding the
* certificate request messages.
*/
-extern SECStatus
- CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
- CRMFEncoderOutputCallback fn,
- void *arg);
-
+extern SECStatus
+CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
+ CRMFEncoderOutputCallback fn,
+ void *arg);
/*
* FUNCTION: CRMF_CreateCertReqMsg
@@ -104,19 +102,19 @@ extern SECStatus
* OUTPUT:
* An empty CRMF Certificate Request Message.
* Before encoding this message, the user must set
- * the ProofOfPossession field and the certificate
+ * the ProofOfPossession field and the certificate
* request which are necessary for the full message.
* After the user no longer needs this CertReqMsg,
* the user must call CRMF_DestroyCertReqMsg to free
* all memory associated with the Certificate Request
* Message.
* RETURN:
- * A pointer to a Certificate Request Message. The user
- * must pass the return value of this function to
+ * A pointer to a Certificate Request Message. The user
+ * must pass the return value of this function to
* CRMF_DestroyCertReqMsg after the Certificate Request
* Message is no longer necessary.
*/
-extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void);
+extern CRMFCertReqMsg *CRMF_CreateCertReqMsg(void);
/*
* FUNCTION: CRMF_DestroyCertReqMsg
@@ -127,12 +125,12 @@ extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void);
* This function frees all the memory used for the Certificate
* Request Message and all the memory used in making copies of
* fields of elelments of the message, eg. the Proof Of Possession
- * filed and the Cetificate Request.
+ * filed and the Cetificate Request.
* RETURN:
* SECSuccess if destruction was successful. Any other return value
* indicates an error while trying to free the memory associated
* with inCertReqMsg.
- *
+ *
*/
extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg);
@@ -151,14 +149,14 @@ extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg);
* the user must not call this function until the Certificate Request
* has been fully built and is ready to be encoded.
* RETURN:
- * SECSuccess
+ * SECSuccess
* If copying the Certificate as a member of the Certificate
* request message was successful.
* Any other return value indicates a failure to copy the Certificate
* Request and make it a part of the Certificate Request Message.
*/
-extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
- CRMFCertRequest *inCertReq);
+extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
+ CRMFCertRequest *inCertReq);
/*
* FUNCTION: CRMF_CreateCertRequest
@@ -176,7 +174,7 @@ extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
* A pointer to the new Certificate Request. A NULL return value
* indicates an error in creating the Certificate Request.
*/
-extern CRMFCertRequest *CRMF_CreateCertRequest (PRUint32 inRequestID);
+extern CRMFCertRequest *CRMF_CreateCertRequest(PRUint32 inRequestID);
/*
* FUNCTION: CRMF_DestroyCertRequest
@@ -185,12 +183,12 @@ extern CRMFCertRequest *CRMF_CreateCertRequest (PRUint32 inRequestID);
* The Certificate Request that will be destroyed.
* RETURN:
* SECSuccess
- * If freeing the memory associated with the certificate request
+ * If freeing the memory associated with the certificate request
* was successful.
- * Any other return value indicates an error while trying to free the
+ * Any other return value indicates an error while trying to free the
* memory.
*/
-extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq);
+extern SECStatus CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq);
/*
* FUNCTION: CRMF_CreateCertExtension
@@ -201,16 +199,16 @@ extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq);
* will fail.
* isCritical
* A boolean value stating if the extension value is crtical. PR_TRUE
- * means the value is crtical. PR_FALSE indicates the value is not
+ * means the value is crtical. PR_FALSE indicates the value is not
* critical.
* data
* This is the data associated with the extension. The user of the
* library is responsible for making sure the value passed in is a
* valid interpretation of the certificate extension.
* NOTES:
- * Use this function to create CRMFCertExtension Structures which will
- * then be passed to CRMF_AddFieldToCertTemplate as part of the
- * CRMFCertCreationInfo.extensions The user must call
+ * Use this function to create CRMFCertExtension Structures which will
+ * then be passed to CRMF_AddFieldToCertTemplate as part of the
+ * CRMFCertCreationInfo.extensions The user must call
* CRMF_DestroyCertExtension after the extension has been added to a certifcate
* and the extension is no longer needed.
*
@@ -218,9 +216,9 @@ extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq);
* A pointer to a newly created CertExtension. A return value of NULL
* indicates the id passed in was an invalid certificate extension.
*/
-extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id,
- PRBool isCritical,
- SECItem *data);
+extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id,
+ PRBool isCritical,
+ SECItem *data);
/*
* FUNCTION: CMRF_DestroyCertExtension
@@ -232,12 +230,12 @@ extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id,
*
* RETURN:
* SECSuccess if freeing the memory associated with the certificate extension
- * was successful. Any other error indicates an error while freeing the
+ * was successful. Any other error indicates an error while freeing the
* memory.
*/
extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
-/*
+/*
* FUNCTION: CRMF_CertRequestSetTemplateField
* INPUTS:
* inCertReq
@@ -255,7 +253,7 @@ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
* depending on the template field one wants to set.
*
* Look in crmft.h for the definition of CRMFCertTemplateField.
- *
+ *
* In all cases, the library makes copies of the data passed in.
*
* CRMFCertTemplateField Type of data What data means
@@ -267,23 +265,23 @@ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
* crmfSerialNumber long * The serial number
* for the cert to be
* created.
- *
+ *
* crmfSigningAlg SECAlgorithm * The ASN.1 object ID for
* the algorithm used in encoding
* the certificate.
*
- * crmfIssuer CERTName * Certificate Library
+ * crmfIssuer CERTName * Certificate Library
* representation of the ASN1 type
* Name from X.509
*
* crmfValidity CRMFValidityCreationInfo * At least one of the two
* fields in the structure must
- * be present. A NULL pointer
+ * be present. A NULL pointer
* in the structure indicates
- * that member should not be
+ * that member should not be
* added.
*
- * crmfSubject CERTName * Certificate Library
+ * crmfSubject CERTName * Certificate Library
* representation of the ASN1 type
* Name from X.509
*
@@ -301,23 +299,23 @@ extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
* and not the number of bytes.
*
* crmfExtension CRMFCertExtCreationInfo * A pointer to the structure
- * populated with an array of
+ * populated with an array of
* of certificate extensions
* and an integer that tells
* how many elements are in the
* array. Look in crmft.h for
- * the definition of
+ * the definition of
* CRMFCertExtCreationInfo
* RETURN:
* SECSuccess if adding the desired field to the template was successful.
- * Any other return value indicates failure when trying to add the field
+ * Any other return value indicates failure when trying to add the field
* to the template.
- *
+ *
*/
extern SECStatus
- CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField,
- void *data);
+CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inTemplateField,
+ void *data);
/*
* FUNCTION: CRMF_CertRequestIsFieldPresent
@@ -337,8 +335,8 @@ extern SECStatus
* the function returns PR_FALSE.
*/
extern PRBool
- CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField);
+CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inTemplateField);
/*
* FUNCTION: CRMF_CertRequestIsControlPresent
@@ -363,9 +361,8 @@ extern PRBool
* does not exist, the function will return PR_FALSE.
*/
extern PRBool
- CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
- CRMFControlType inControlType);
-
+CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
+ CRMFControlType inControlType);
/*
* FUNCTION: CRMF_CertRequestSetRegTokenControl
@@ -376,7 +373,7 @@ extern PRBool
* The UTF8 value which will be the Registration Token Control
* for this Certificate Request.
* NOTES:
- * The library does no verification that the value passed in is
+ * The library does no verification that the value passed in is
* a valid UTF8 value. The caller must make sure of this in order
* to get an encoding that is valid. The library will ultimately
* encode this value as it was passed in.
@@ -387,7 +384,7 @@ extern PRBool
*
*/
extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq,
- SECItem *value);
+ SECItem *value);
/*
* FUNCTION: CRMF_CertRequestSetAuthenticatorControl
@@ -398,7 +395,7 @@ extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq,
* The UTF8 value that will become the Authenticator Control
* for the passed in Certificate Request.
* NOTES:
- * The library does no verification that the value passed in is
+ * The library does no verification that the value passed in is
* a valid UTF8 value. The caller must make sure of this in order
* to get an encoding that is valid. The library will ultimately
* encode this value as it was passed in.
@@ -407,31 +404,31 @@ extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq,
* Any other return value indicates an unsuccessful attempt to add the
* control.
*/
-extern SECStatus
- CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq,
- SECItem *value);
+extern SECStatus
+CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq,
+ SECItem *value);
/*
* FUNCTION: CRMF_CreateEncryptedKeyWithencryptedValue
* INPUTS:
* inPrivKey
* This is the private key associated with a certificate that is
- * being requested. This structure will eventually wind up as
- * a part of the PKIArchiveOptions Control.
+ * being requested. This structure will eventually wind up as
+ * a part of the PKIArchiveOptions Control.
* inCACert
- * This is the certificate for the CA that will be receiving the
+ * This is the certificate for the CA that will be receiving the
* certificate request for the private key passed in.
* OUTPUT:
- * A CRMFEncryptedKey that can ultimately be used as part of the
+ * A CRMFEncryptedKey that can ultimately be used as part of the
* PKIArchiveOptions Control.
*
* RETURN:
* A pointer to a CRMFEncyptedKey. A NULL return value indicates an erro
* during the creation of the encrypted key.
*/
-extern CRMFEncryptedKey*
- CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
- CERTCertificate *inCACert);
+extern CRMFEncryptedKey *
+CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
+ CERTCertificate *inCACert);
/*
* FUNCTION: CRMF_DestroyEncryptedKey
@@ -445,12 +442,12 @@ extern CRMFEncryptedKey*
* value indicates an error while freeig the memroy.
*/
extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey);
-
+
/*
* FUNCTION: CRMF_CreatePKIArchiveOptions
* INPUTS:
* inType
- * An enumeration value indicating which option for
+ * An enumeration value indicating which option for
* PKIArchiveOptions to use.
* data
* A pointer that will be type-cast and de-referenced according
@@ -470,9 +467,9 @@ extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey);
* Request. A NULL pointer indicates an error occurred while creating
* the CRMFPKIArchiveOptions Structure.
*/
-extern CRMFPKIArchiveOptions*
- CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType,
- void *data);
+extern CRMFPKIArchiveOptions *
+CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType,
+ void *data);
/*
* FUNCTION: CRMF_DestroyPKIArchiveOptions
* INPUTS:
@@ -484,8 +481,8 @@ extern CRMFPKIArchiveOptions*
* SECSuccess if successful in freeing the memory used by 'inArchOpt'
* Any other return value indicates an error while freeing the memory.
*/
-extern SECStatus
- CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt);
+extern SECStatus
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt);
/*
* FUNCTION: CRMF_CertRequestSetPKIArchiveOptions
@@ -503,9 +500,9 @@ extern SECStatus
* request. Any other return value indicates an error when trying to add
* the Archive Options to the Certificate Request.
*/
-extern SECStatus
- CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
- CRMFPKIArchiveOptions *inOptions);
+extern SECStatus
+CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
+ CRMFPKIArchiveOptions *inOptions);
/*
* FUNCTION: CRMF_CertReqMsgGetPOPType
@@ -530,11 +527,11 @@ extern CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg);
* InCertReqMsg
* The Certificate Request Message to operate on.
* NOTES:
- * This function will set the method of Proof Of Possession to
- * crmfRAVerified which means the RA has already verified the
+ * This function will set the method of Proof Of Possession to
+ * crmfRAVerified which means the RA has already verified the
* requester does possess the private key.
* RETURN:
- * SECSuccess if adding RAVerified to the message is successful.
+ * SECSuccess if adding RAVerified to the message is successful.
* Any other message indicates an error while trying to add RAVerified
* as the Proof of Possession.
*/
@@ -551,7 +548,7 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
* inPubKey
* The Public Key which corresponds to the Private Key passed in.
* inCertForInput
- * A Certificate that in the future may be used to create
+ * A Certificate that in the future may be used to create
* POPOSigningKeyInput.
* fn
* A callback for retrieving a password which may be used in the
@@ -560,13 +557,13 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
* An opaque pointer that would be passed to fn whenever it is
* called.
* NOTES:
- * Adds Proof Of Possession to the CertRequest using the signature field
- * of the ProofOfPossession field. NOTE: In order to use this option,
+ * Adds Proof Of Possession to the CertRequest using the signature field
+ * of the ProofOfPossession field. NOTE: In order to use this option,
* the certificate template must contain the publicKey at the very minimum.
- *
+ *
* If you don't want the function to generate POPOSigningKeyInput, then
* make sure the cert template already contains the subject and public key
- * values. Currently creating POPOSigningKeyInput is not supported, so
+ * values. Currently creating POPOSigningKeyInput is not supported, so
* a Message passed to this function must have the publicKey and the subject
* as part of the template
*
@@ -583,8 +580,8 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
* If passed in, this certificate needs to be a valid certificate.
*
* The last 3 arguments are for future compatibility in case we ever want to
- * support generating POPOSigningKeyInput. Pass in NULL for all 3 if you
- * definitely don't want the function to even try to generate
+ * support generating POPOSigningKeyInput. Pass in NULL for all 3 if you
+ * definitely don't want the function to even try to generate
* POPOSigningKeyInput. If you try to use POPOSigningKeyInput, the function
* will fail.
*
@@ -593,13 +590,13 @@ extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
* Any other return value indicates an error in trying to add
* the Signature Proof Of Possession.
*/
-extern SECStatus
- CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg);
+extern SECStatus
+CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CERTCertificate *inCertForInput,
+ CRMFMACPasswordCallback fn,
+ void *arg);
/*
* FUNCTION: CRMF_CertReqMsgSetKeyEnciphermentPOP
@@ -610,7 +607,7 @@ extern SECStatus
* An enumeration indicating which POPOPrivKey Choice to use
* in constructing the KeyEnciphermentPOP.
* subseqMess
- * This parameter must be provided iff inKeyChoice is
+ * This parameter must be provided iff inKeyChoice is
* crmfSubsequentMessage. This details how the RA is to respond
* in order to perform Proof Of Possession. Look in crmft.h under
* the definition of CRMFSubseqMessOptions for possible values.
@@ -618,7 +615,7 @@ extern SECStatus
* This parameter only needs to be provided if inKeyChoice is
* crmfThisMessage. The item should contain the encrypted private
* key.
- *
+ *
* NOTES:
* Adds Proof Of Possession using the keyEncipherment field of
* ProofOfPossession.
@@ -651,11 +648,11 @@ extern SECStatus
* SECSuccess if adding KeyEnciphermentPOP was successful. Any other return
* value indicates an error in adding KeyEnciphermentPOP.
*/
-extern SECStatus
- CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey);
+extern SECStatus
+CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey);
/*
* FUNCTION: CRMF_CertReqMsgSetKeyAgreementPOP
@@ -666,7 +663,7 @@ extern SECStatus
* An enumeration indicating which POPOPrivKey Choice to use
* in constructing the KeyAgreementPOP.
* subseqMess
- * This parameter must be provided iff inKeyChoice is
+ * This parameter must be provided iff inKeyChoice is
* crmfSubsequentMessage. This details how the RA is to respond
* in order to perform Proof Of Possession. Look in crmft.h under
* the definition of CRMFSubseqMessOptions for possible values.
@@ -700,11 +697,11 @@ extern SECStatus
*
* crmfDHMAC This option is not supported.
*/
-extern SECStatus
- CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey);
+extern SECStatus
+CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey);
/*
* FUNCTION: CRMF_CreateCertReqMsgFromDER
@@ -714,16 +711,16 @@ extern SECStatus
* len
* The length in bytes of the buffer 'buf'
* NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
+ * This function passes the buffer to the ASN1 decoder and creates a
* CRMFCertReqMsg structure. Do not try adding any fields to a message
- * returned from this function. Specifically adding more Controls or
+ * returned from this function. Specifically adding more Controls or
* Extensions may cause your program to crash.
*
* RETURN:
* A pointer to the Certificate Request Message structure. A NULL return
* value indicates the library was unable to parse the DER.
*/
-extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
+extern CRMFCertReqMsg *CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
/*
* FUNCTION: CRMF_CreateCertReqMessagesFromDER
@@ -733,19 +730,19 @@ extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
* len
* The length in bytes of buf
* NOTES:
- * This function passes the buffer to the ASN1 decoder and creates a
+ * This function passes the buffer to the ASN1 decoder and creates a
* CRMFCertReqMessages structure. Do not try adding any fields to a message
- * derived from this function. Specifically adding more Controls or
+ * derived from this function. Specifically adding more Controls or
* Extensions may cause your program to crash.
- * The user must call CRMF_DestroyCertReqMessages after the return value is
+ * The user must call CRMF_DestroyCertReqMessages after the return value is
* no longer needed, ie when all individual messages have been extracted.
- *
+ *
* RETURN:
* A pointer to the Certificate Request Messages structure. A NULL return
* value indicates the library was unable to parse the DER.
- */
-extern CRMFCertReqMessages*
- CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
+ */
+extern CRMFCertReqMessages *
+CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
/*
* FUNCTION: CRMF_DestroyCertReqMessages
@@ -755,9 +752,9 @@ extern CRMFCertReqMessages*
* RETURN:
* SECSuccess if freeing the memory was done successfully. Any other
* return value indicates an error in freeing up memory.
- */
-extern SECStatus
- CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
+ */
+extern SECStatus
+CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
/*
* FUNCTION: CRMF_CertReqMessagesGetNumMessages
@@ -765,11 +762,11 @@ extern SECStatus
* inCertReqMsgs
* The Request Messages to operate on.
* RETURN:
- * The number of messages contained in the in the Request Messages
+ * The number of messages contained in the in the Request Messages
* strucure.
*/
-extern int
- CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
+extern int
+CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
/*
* FUNCTION: CRMF_CertReqMessagesGetCertReqMsgAtIndex
@@ -779,9 +776,9 @@ extern int
* index
* The index of the single message the user wants a copy of.
* NOTES:
- * This function returns a copy of the request messages stored at the
+ * This function returns a copy of the request messages stored at the
* index corresponding to the parameter 'index'. Indexing of the messages
- * is done in the same manner as a C array. Meaning the valid index are
+ * is done in the same manner as a C array. Meaning the valid index are
* 0...numMessages-1. User must call CRMF_DestroyCertReqMsg when done using
* the return value of this function.
*
@@ -790,10 +787,9 @@ extern int
* Any other return value indicates an invalid index or error while copying
* the single request message.
*/
-extern CRMFCertReqMsg*
- CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
- int index);
-
+extern CRMFCertReqMsg *
+CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
+ int index);
/*
* FUNCTION: CRMF_CertReqMsgGetID
@@ -805,12 +801,12 @@ extern CRMFCertReqMsg*
* RETURN:
* SECSuccess if the function was able to retrieve the ID and place it
* at *destID. Any other return value indicates an error meaning the value
- * in *destId is un-reliable and should not be used by the caller of this
+ * in *destId is un-reliable and should not be used by the caller of this
* function.
- *
+ *
*/
-extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
- long *destID);
+extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
+ long *destID);
/*
* FUNCTION: CRMF_DoesRequestHaveField
@@ -823,7 +819,7 @@ extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
* NOTES:
* All the fields in a certificate template are optional. This function
* checks to see if the requested field is present. Look in crmft.h at the
- * definition of CRMFCertTemplateField for possible values for possible
+ * definition of CRMFCertTemplateField for possible values for possible
* querying.
*
* RETURN:
@@ -831,10 +827,10 @@ extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
* of 'inCertReq'
* PR_FALSE iff the field corresponding to 'inField' has not been speicified
* as part of 'inCertReq'
- *
+ *
*/
-extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inField);
+extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inField);
/*
* FUNCTION: CRMF_CertReqMsgGetCertRequest
@@ -849,11 +845,11 @@ extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
* pass it the request returned by this function.
* RETURN:
* A pointer to a copy of the certificate request contained by the message.
- * A NULL return value indicates an error occurred while copying the
+ * A NULL return value indicates an error occurred while copying the
* certificate request.
*/
extern CRMFCertRequest *
- CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
+CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateVersion
@@ -864,15 +860,15 @@ extern CRMFCertRequest *
* A pointer to where the library can store the version contatined
* in the certificate template within the certifcate request.
* RETURN:
- * SECSuccess if the Certificate template contains the version field. In
- * this case, *version will hold the value of the certificate template
+ * SECSuccess if the Certificate template contains the version field. In
+ * this case, *version will hold the value of the certificate template
* version.
* SECFailure indicates that version field was not present as part of
* of the certificate template.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
- long *version);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
+ long *version);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateSerialNumber
@@ -883,15 +879,15 @@ extern SECStatus
* A pointer where the library can put the serial number contained
* in the certificate request's certificate template.
* RETURN:
- * If a serial number exists in the CertTemplate of the request, the function
- * returns SECSuccess and the value at *serialNumber contains the serial
+ * If a serial number exists in the CertTemplate of the request, the function
+ * returns SECSuccess and the value at *serialNumber contains the serial
* number.
* If no serial number is present, then the function returns SECFailure and
* the value at *serialNumber is un-changed.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
- long *serialNumber);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
+ long *serialNumber);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateSigningAlg
@@ -903,14 +899,14 @@ extern SECStatus
* used in the cert request's cert template.
* RETURN:
* If the signingAlg is present in the CertRequest's CertTemplate, then
- * the function returns SECSuccess and places a copy of sigingAlg in
+ * the function returns SECSuccess and places a copy of sigingAlg in
* *destAlg.
* If no signingAlg is present, then the function returns SECFailure and
* the value at *destAlg is un-changed
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
- SECAlgorithmID *destAlg);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
+ SECAlgorithmID *destAlg);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateIssuer
* INPUTS:
@@ -920,14 +916,14 @@ extern SECStatus
* A pointer to where the library can place a copy of the cert
* request's cert template issuer field.
* RETURN:
- * If the issuer is present in the cert request cert template, the function
+ * If the issuer is present in the cert request cert template, the function
* returns SECSuccess and places a copy of the issuer in *destIssuer.
* If there is no issuer present, the function returns SECFailure and the
* value at *destIssuer is unchanged.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
- CERTName *destIssuer);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
+ CERTName *destIssuer);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateValidity
@@ -938,28 +934,28 @@ extern SECStatus
* A pointer to where the library can place a copy of the validity
* info in the cert request cert template.
* NOTES:
- * Pass the pointer to
- * RETURN:
+ * Pass the pointer to
+ * RETURN:
* If there is an OptionalValidity field, the function will return SECSuccess
- * and place the appropriate values in *destValidity->notBefore and
+ * and place the appropriate values in *destValidity->notBefore and
* *destValidity->notAfter. (Each field is optional, but at least one will
* be present if the function returns SECSuccess)
*
* If there is no OptionalValidity field, the function will return SECFailure
* and the values at *destValidity will be un-changed.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
- CRMFGetValidity *destValidity);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
+ CRMFGetValidity *destValidity);
/*
* FUNCTION: CRMF_DestroyGetValidity
* INPUTS:
* inValidity
* A pointer to the memroy to be freed.
* NOTES:
- * The function will free the memory allocated by the function
+ * The function will free the memory allocated by the function
* CRMF_CertRequestGetCertTemplateValidity. That means only memory pointed
- * to within the CRMFGetValidity structure. Since
+ * to within the CRMFGetValidity structure. Since
* CRMF_CertRequestGetCertTemplateValidity does not allocate memory for the
* structure passed into it, it will not free it. Meaning this function will
* free the memory at inValidity->notBefore and inValidity->notAfter, but not
@@ -969,8 +965,8 @@ extern SECStatus
* SECSuccess if freeing the memory was successful. Any other return value
* indicates an error while freeing the memory.
*/
-extern SECStatus
- CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
+extern SECStatus
+CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateSubject
@@ -981,15 +977,15 @@ extern SECStatus
* A pointer to where the library can place a copy of the subject
* contained in the request's cert template.
* RETURN:
- * If there is a subject in the CertTemplate, then the function returns
+ * If there is a subject in the CertTemplate, then the function returns
* SECSuccess and a copy of the subject is placed in *destSubject.
*
* If there is no subject, the function returns SECFailure and the values at
* *destSubject is unchanged.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateSubject (CRMFCertRequest *inCertReq,
- CERTName *destSubject);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
+ CERTName *destSubject);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplatePublicKey
@@ -1006,9 +1002,9 @@ extern SECStatus
* If there is no publicKey, the function returns SECFailure and the value
* at *destPublicKey is un-changed.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *destPublicKey);
+extern SECStatus
+CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
+ CERTSubjectPublicKeyInfo *destPublicKey);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateIssuerUID
@@ -1019,7 +1015,7 @@ extern SECStatus
* A pointer to where the library can store a copy of the request's
* cert template destIssuerUID.
*
- * NOTES:
+ * NOTES:
* destIssuerUID is a bit string and will be returned in a SECItem as
* a bit string. Meaning the len field contains the number of valid bits as
* opposed to the number of bytes allocated.
@@ -1031,9 +1027,9 @@ extern SECStatus
* If there is no issuerUID, the function returns SECFailure and the value
* *destIssuerUID is unchanged.
*/
-extern SECStatus
- CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
- SECItem *destIssuerUID);
+extern SECStatus
+CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
+ SECItem *destIssuerUID);
/*
* FUNCTION: CRMF_CertRequestGetCertTemplateSubjectUID
@@ -1043,7 +1039,7 @@ extern SECStatus
* A pointer to where the library can store a copy of the request's
* cert template destIssuerUID.
*
- * NOTES:
+ * NOTES:
* destSubjectUID is a bit string and will be returned in a SECItem as
* a bit string. Meaning the len field contains the number of valid bits as
* opposed to the number of bytes allocated.
@@ -1056,7 +1052,7 @@ extern SECStatus
* *destIssuerUID is unchanged.
*/
extern SECStatus CRMF_GetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
- SECItem *destSubjectUID);
+ SECItem *destSubjectUID);
/*
* FUNCTION: CRMF_CertRequestGetNumberOfExtensions
@@ -1076,20 +1072,20 @@ extern int CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq);
* index
* The index of the extension array whihc the user wants to access.
* NOTES:
- * This function retrieves the extension at the index corresponding to the
- * parameter "index" indicates. Indexing is done like a C array.
+ * This function retrieves the extension at the index corresponding to the
+ * parameter "index" indicates. Indexing is done like a C array.
* (0 ... numElements-1)
*
* Call CRMF_DestroyCertExtension when done using the return value.
*
* RETURN:
- * A pointer to a copy of the extension at the desired index. A NULL
- * return value indicates an invalid index or an error while copying
+ * A pointer to a copy of the extension at the desired index. A NULL
+ * return value indicates an invalid index or an error while copying
* the extension.
*/
extern CRMFCertExtension *
- CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
- int index);
+CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
+ int index);
/*
* FUNCTION: CRMF_CertExtensionGetOidTag
* INPUTS:
@@ -1112,7 +1108,7 @@ extern SECOidTag CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension);
* PR_FALSE if the extension is not critical.
*/
extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
-
+
/*
* FUNCTION: CRMF_CertExtensionGetValue
* INPUT:
@@ -1127,7 +1123,7 @@ extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
* A pointer to an item containig the value for the certificate extension.
* A NULL return value indicates an error in copying the information.
*/
-extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
+extern SECItem *CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
/*
* FUNCTION: CRMF_CertReqMsgGetPOPOSigningKey
@@ -1136,20 +1132,20 @@ extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
* The certificate request message to operate on.
* destKey
* A pointer to where the library can place a pointer to
- * a copy of the Proof Of Possession Signing Key used
+ * a copy of the Proof Of Possession Signing Key used
* by the message.
*
* RETURN:
- * Get the POPOSigningKey associated with this CRMFCertReqMsg.
+ * Get the POPOSigningKey associated with this CRMFCertReqMsg.
* If the CertReqMsg does not have a pop, the function returns
* SECFailure and the value at *destKey is un-changed..
*
- * If the CertReqMsg does have a pop, then the CertReqMsg's
+ * If the CertReqMsg does have a pop, then the CertReqMsg's
* POPOSigningKey will be placed at *destKey.
*/
-extern SECStatus
- CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKey **destKey);
+extern SECStatus
+CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOSigningKey **destKey);
/*
* FUNCTION: CRMF_DestroyPOPOSigningKey
@@ -1161,7 +1157,7 @@ extern SECStatus
* SECSuccess if freeing the memory was successful. Any other return value
* indicates an error while freeing memory.
*/
-extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey);
+extern SECStatus CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey);
/*
* FUNCTION: CRMF_POPOSigningKeyGetAlgID
@@ -1173,8 +1169,8 @@ extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey);
* call SECOID_DestroyAlgorithmID(destID, PR_TRUE) when done using the
* return value.
*/
-extern SECAlgorithmID*
- CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
+extern SECAlgorithmID *
+CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
/*
* FUNCTION: CRMF_POPOSigningKeyGetSignature
@@ -1182,13 +1178,13 @@ extern SECAlgorithmID*
* inSignKey
* The Signing Key to operate on.
*
- * RETURN:
+ * RETURN:
* Get the actual signature stored away in the CRMFPOPOSigningKey. SECItem
* returned is a BIT STRING, so the len field is the number of bits as opposed
- * to the total number of bytes allocatd. User must call
+ * to the total number of bytes allocatd. User must call
* SECITEM_FreeItem(retVal,PR_TRUE) when done using the return value.
*/
-extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
+extern SECItem *CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
/*
* FUNCTION: CRMF_POPOSigningKeyGetInput
@@ -1196,7 +1192,7 @@ extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
* inSignKey
* The Signing Key to operate on.
* NOTES:
- * This function will return the der encoded input that was read in while
+ * This function will return the der encoded input that was read in while
* decoding. The API does not support this option when creating, so you
* cannot add this field.
*
@@ -1208,7 +1204,7 @@ extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
* If the optional field is part of the POPOSingingKey, the function will
* return a copy of the der encoded poposkInput.
*/
-extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
+extern SECItem *CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
/*
* FUNCTION: CRMF_CertReqMsgGetPOPKeyEncipherment
@@ -1216,12 +1212,12 @@ extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
* inCertReqMsg
* The certificate request message to operate on.
* destKey
- * A pointer to where the library can place a pointer to a
- * copy of the POPOPrivKey representing Key Encipherment
+ * A pointer to where the library can place a pointer to a
+ * copy of the POPOPrivKey representing Key Encipherment
* Proof of Possession.
*NOTES:
- * This function gets the POPOPrivKey associated with this CRMFCertReqMsg
- * for Key Encipherment.
+ * This function gets the POPOPrivKey associated with this CRMFCertReqMsg
+ * for Key Encipherment.
*
* RETURN:
* If the CertReqMsg did not use Key Encipherment for Proof Of Possession, the
@@ -1231,9 +1227,9 @@ extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
* function returns SECSuccess and places the POPOPrivKey representing the
* Key Encipherment Proof Of Possessin at *destKey.
*/
-extern SECStatus
- CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey);
+extern SECStatus
+CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey **destKey);
/*
* FUNCTION: CRMF_CertReqMsgGetPOPKeyAgreement
@@ -1241,12 +1237,12 @@ extern SECStatus
* inCertReqMsg
* The certificate request message to operate on.
* destKey
- * A pointer to where the library can place a pointer to a
- * copy of the POPOPrivKey representing Key Agreement
+ * A pointer to where the library can place a pointer to a
+ * copy of the POPOPrivKey representing Key Agreement
* Proof of Possession.
* NOTES:
- * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
- * Key Agreement.
+ * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
+ * Key Agreement.
*
* RETURN:
* If the CertReqMsg used Key Agreement for Proof Of Possession, the
@@ -1256,11 +1252,11 @@ extern SECStatus
* If the CertReqMsg did not use Key Agreement for Proof Of Possession, the
* function return SECFailure and the value at *destKey is unchanged.
*/
-extern SECStatus
- CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey);
+extern SECStatus
+CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey **destKey);
-/*
+/*
* FUNCTION: CRMF_DestroyPOPOPrivKey
* INPUTS:
* inPrivKey
@@ -1271,12 +1267,12 @@ extern SECStatus
*
* RETURN:
* SECSuccess on successful destruction of the POPOPrivKey.
- * Any other return value indicates an error in freeing the
+ * Any other return value indicates an error in freeing the
* memory.
*/
extern SECStatus CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey);
-/*
+/*
* FUNCTION: CRMF_POPOPrivKeyGetChoice
* INPUT:
* inKey
@@ -1298,7 +1294,7 @@ extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
* field stored in the POPOPrivKey
*
* RETURN:
- * Returns the field thisMessage from the POPOPrivKey.
+ * Returns the field thisMessage from the POPOPrivKey.
* If the POPOPrivKey did not use the field thisMessage, the function
* returns SECFailure and the value at *destString is unchanged.
*
@@ -1307,8 +1303,8 @@ extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
* at *destString. BIT STRING representation means the len field is the
* number of valid bits as opposed to the total number of bytes.
*/
-extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
- SECItem *destString);
+extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
+ SECItem *destString);
/*
* FUNCTION: CRMF_POPOPrivKeyGetSubseqMess
@@ -1316,20 +1312,20 @@ extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
* inKey
* The POPOPrivKey to operate on.
* destOpt
- * A pointer to where the library can place the value of the
+ * A pointer to where the library can place the value of the
* Subsequent Message option used by POPOPrivKey.
*
* RETURN:
- * Retrieves the field subsequentMessage from the POPOPrivKey.
- * If the POPOPrivKey used the subsequentMessage option, the function
+ * Retrieves the field subsequentMessage from the POPOPrivKey.
+ * If the POPOPrivKey used the subsequentMessage option, the function
* returns SECSuccess and places the appropriate enumerated value at
* *destMessageOption.
*
* If the POPOPrivKey did not use the subsequenMessage option, the function
* returns SECFailure and the value at *destOpt is un-changed.
*/
-extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
- CRMFSubseqMessOptions *destOpt);
+extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
+ CRMFSubseqMessOptions *destOpt);
/*
* FUNCTION: CRMF_POPOPrivKeyGetDHMAC
@@ -1339,9 +1335,9 @@ extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
* destMAC
* A pointer to where the library can place a copy of the dhMAC
* field of the POPOPrivKey.
- *
+ *
* NOTES:
- * Returns the field dhMAC from the POPOPrivKey. The populated SECItem
+ * Returns the field dhMAC from the POPOPrivKey. The populated SECItem
* is in BIT STRING format.
*
* RETURN:
@@ -1352,20 +1348,20 @@ extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
*
* If the POPOPrivKey did not use the dhMAC option, the function returns
* SECFailure and the value at *destMAC is unchanged.
- *
+ *
*/
extern SECStatus CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey,
- SECItem *destMAC);
+ SECItem *destMAC);
/*
* FUNCTION: CRMF_CertRequestGetNumControls
- * INPUTS:
+ * INPUTS:
* inCertReq
* The Certificate Request to operate on.
* RETURN:
* Returns the number of Controls registered with this CertRequest.
*/
-extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq);
+extern int CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq);
/*
* FUNCTION: CRMF_CertRequestGetControlAtIndex
@@ -1375,18 +1371,18 @@ extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq);
* index
* The index of the control the user wants a copy of.
* NOTES:
- * Function retrieves the Control at located at index. The Controls
+ * Function retrieves the Control at located at index. The Controls
* are numbered like a traditional C array (0 ... numElements-1)
*
* RETURN:
* Returns a copy of the control at the index specified. This is a copy
- * so the user must call CRMF_DestroyControl after the return value is no
+ * so the user must call CRMF_DestroyControl after the return value is no
* longer needed. A return value of NULL indicates an error while copying
* the control or that the index was invalid.
*/
-extern CRMFControl*
- CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
- int index);
+extern CRMFControl *
+CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
+ int index);
/*
* FUNCTION: CRMF_DestroyControl
@@ -1431,11 +1427,11 @@ extern CRMFControlType CRMF_ControlGetControlType(CRMFControl *inControl);
* The SECItem returned should be in UTF8 format. A NULL
* return value indicates there was no Registration Control associated
* with the Control.
- * (This library will not verify format. It assumes the client properly
- * formatted the strings when adding it or the message decoded was properly
+ * (This library will not verify format. It assumes the client properly
+ * formatted the strings when adding it or the message decoded was properly
* formatted. The library will just give back the bytes it was given.)
*/
-extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
+extern SECItem *CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
/*
* FUNCTION: CRMF_ControlGetAuthenticatorControlValue
@@ -1451,11 +1447,11 @@ extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
* The SECItem returned should be in UTF8 format. A NULL
* return value indicates there was no Authenticator Control associated
* with the CRMFControl..
- * (This library will not verify format. It assumes the client properly
- * formatted the strings when adding it or the message decoded was properly
+ * (This library will not verify format. It assumes the client properly
+ * formatted the strings when adding it or the message decoded was properly
* formatted. The library will just give back the bytes it was given.)
*/
-extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
+extern SECItem *CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
/*
* FUNCTION: CRMF_ControlGetPKIArchiveOptions
@@ -1468,12 +1464,12 @@ extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
*
* RETURN:
* Get the PKIArchiveOptions associated with the Control. A return
- * value of NULL indicates the Control was not a PKIArchiveOptions
+ * value of NULL indicates the Control was not a PKIArchiveOptions
* Control.
*/
-extern CRMFPKIArchiveOptions*
- CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
-
+extern CRMFPKIArchiveOptions *
+CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
+
/*
* FUNCTION: CMRF_DestroyPKIArchiveOptions
* INPUTS:
@@ -1483,12 +1479,12 @@ extern CRMFPKIArchiveOptions*
* Destroy the CRMFPKIArchiveOptions structure.
*
* RETURN:
- * SECSuccess if successful in freeing all the memory associated with
+ * SECSuccess if successful in freeing all the memory associated with
* the PKIArchiveOptions. Any other return value indicates an error while
* freeing the PKIArchiveOptions.
*/
-extern SECStatus
- CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
+extern SECStatus
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
/*
* FUNCTION: CRMF_PKIArchiveOptionsGetOptionType
@@ -1500,14 +1496,14 @@ extern SECStatus
* of CRMFPKIArchiveOptionsType in crmft.h for possible return values.
*/
extern CRMFPKIArchiveOptionsType
- CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
+CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
/*
* FUNCTION: CRMF_PKIArchiveOptionsGetEncryptedPrivKey
* INPUTS:
* inOpts
* The PKIArchiveOptions to operate on.
- *
+ *
* NOTES:
* The user must call CRMF_DestroyEncryptedKey when done using this return
* value.
@@ -1517,8 +1513,8 @@ extern CRMFPKIArchiveOptionsType
* A return value of NULL indicates that encryptedPrivKey was not used as
* the choice for this PKIArchiveOptions.
*/
-extern CRMFEncryptedKey*
- CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts);
+extern CRMFEncryptedKey *
+CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts);
/*
* FUNCTION: CRMF_EncryptedKeyGetChoice
@@ -1530,13 +1526,12 @@ extern CRMFEncryptedKey*
* Get the choice used for representing the EncryptedKey.
*
* RETURN:
- * Returns the Choice used in representing the EncryptedKey. Look in
+ * Returns the Choice used in representing the EncryptedKey. Look in
* crmft.h at the definition of CRMFEncryptedKeyChoice for possible return
* values.
*/
-extern CRMFEncryptedKeyChoice
- CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey);
-
+extern CRMFEncryptedKeyChoice
+CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey);
/*
* FUNCTION: CRMF_EncryptedKeyGetEncryptedValue
@@ -1545,15 +1540,15 @@ extern CRMFEncryptedKeyChoice
* The EncryptedKey to operate on.
*
* NOTES:
- * The user must call CRMF_DestroyEncryptedValue passing in
+ * The user must call CRMF_DestroyEncryptedValue passing in
* CRMF_GetEncryptedValue's return value.
*
* RETURN:
* A pointer to a copy of the EncryptedValue contained as a member of
* the EncryptedKey.
*/
-extern CRMFEncryptedValue*
- CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey);
+extern CRMFEncryptedValue *
+CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey);
/*
* FUNCTION: CRMF_DestroyEncryptedValue
@@ -1586,7 +1581,7 @@ extern SECStatus CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue);
* as opposed to the allocated number of bytes.
* ANULL return value indicates an error in copying the encValue field.
*/
-extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue);
+extern SECItem *CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue);
/*
* FUNCTION: CRMF_EncryptedValueGetIntendedAlg
@@ -1603,9 +1598,8 @@ extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue);
* A Copy of the intendedAlg field. A NULL return value indicates the
* optional field was not present in the structure.
*/
-extern SECAlgorithmID*
- CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue);
-
+extern SECAlgorithmID *
+CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue);
/*
* FUNCTION: CRMF_EncryptedValueGetSymmAlg
@@ -1622,9 +1616,8 @@ extern SECAlgorithmID*
* A Copy of the symmAlg field. A NULL return value indicates the
* optional field was not present in the structure.
*/
-extern SECAlgorithmID*
- CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue);
-
+extern SECAlgorithmID *
+CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue);
/*
* FUNCTION: CRMF_EncryptedValueGetKeyAlg
@@ -1641,8 +1634,8 @@ extern SECAlgorithmID*
* A Copy of the keyAlg field. A NULL return value indicates the
* optional field was not present in the structure.
*/
-extern SECAlgorithmID*
- CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue);
+extern SECAlgorithmID *
+CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue);
/*
* FUNCTION: CRMF_EncryptedValueGetValueHint
@@ -1662,12 +1655,12 @@ extern SECAlgorithmID*
* value indicates the optional valueHint field is not present in the
* EncryptedValue.
*/
-extern SECItem*
- CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue);
+extern SECItem *
+CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue);
/*
* FUNCTION: CRMF_EncrypteValueGetEncSymmKey
- * INPUTS:
+ * INPUTS:
* inEncValue
* The EncryptedValue to operate on.
*
@@ -1676,19 +1669,19 @@ extern SECItem*
* symmetric key that the client uses in doing Public Key wrap of a private
* key. When present, this is the symmetric key that was used to wrap the
* private key. (The encrypted private key will be stored in encValue
- * of the same EncryptedValue structure.) The user must call
+ * of the same EncryptedValue structure.) The user must call
* SECITEM_FreeItem(retVal, PR_TRUE) when the return value is no longer
* needed.
*
* RETURN:
* A copy of the optional encSymmKey field of the EncryptedValue structure.
* The return value will be in BIT STRING format, meaning the len field will
- * be the number of valid bits as opposed to the number of bytes. A return
+ * be the number of valid bits as opposed to the number of bytes. A return
* value of NULL means the optional encSymmKey field was not present in
* the EncryptedValue structure.
*/
-extern SECItem*
- CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue);
+extern SECItem *
+CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue);
/*
* FUNCTION: CRMF_PKIArchiveOptionsGetKeyGenParameters
@@ -1697,19 +1690,19 @@ extern SECItem*
* The PKiArchiveOptions to operate on.
*
* NOTES:
- * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return
+ * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return
* value is no longer needed.
*
* RETURN:
* Get the keyGenParameters field of the PKIArchiveOptions.
- * A NULL return value indicates that keyGenParameters was not
+ * A NULL return value indicates that keyGenParameters was not
* used as the choice for this PKIArchiveOptions.
*
* The SECItem returned is in BIT STRING format (ie, the len field indicates
* number of valid bits as opposed to allocated number of bytes.)
*/
-extern SECItem*
- CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions);
+extern SECItem *
+CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions);
/*
* FUNCTION: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey
@@ -1717,34 +1710,32 @@ extern SECItem*
* inOpt
* The PKIArchiveOptions to operate on.
* destVal
- * A pointer to where the library can place the value for
+ * A pointer to where the library can place the value for
* arciveRemGenPrivKey
* RETURN:
* If the PKIArchiveOptions used the archiveRemGenPrivKey field, the
* function returns SECSuccess and fills the value at *destValue with either
- * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a
- * value.
+ * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a
+ * value.
*
* If the PKIArchiveOptions does not use the archiveRemGenPrivKey field, the
* function returns SECFailure and the value at *destValue is unchanged.
*/
-extern SECStatus
- CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
- PRBool *destVal);
+extern SECStatus
+CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
+ PRBool *destVal);
/* Helper functions that can be used by other libraries. */
/*
* A quick helper function to get the best wrap mechanism.
*/
-extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot);
+extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot);
/*
- * A helper function to get a randomly generated IV from a mechanism
+ * A helper function to get a randomly generated IV from a mechanism
* type.
*/
-extern SECItem* CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType);
-
+extern SECItem *CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType);
+
SEC_END_PROTOS
#endif /*_CRMF_H_*/
-
-
diff --git a/lib/crmf/crmfcont.c b/lib/crmf/crmfcont.c
index 4e274d32c..6c7c10580 100644
--- a/lib/crmf/crmfcont.c
+++ b/lib/crmf/crmfcont.c
@@ -10,32 +10,33 @@
#include "secoid.h"
static SECStatus
-crmf_modify_control_array (CRMFCertRequest *inCertReq, int count)
+crmf_modify_control_array(CRMFCertRequest *inCertReq, int count)
{
if (count > 0) {
- void *dummy = PORT_Realloc(inCertReq->controls,
- sizeof(CRMFControl*)*(count+2));
- if (dummy == NULL) {
- return SECFailure;
- }
- inCertReq->controls = dummy;
- } else {
- inCertReq->controls = PORT_ZNewArray(CRMFControl*, 2);
- }
- return (inCertReq->controls == NULL) ? SECFailure : SECSuccess ;
+ void *dummy = PORT_Realloc(inCertReq->controls,
+ sizeof(CRMFControl *) * (count + 2));
+ if (dummy == NULL) {
+ return SECFailure;
+ }
+ inCertReq->controls = dummy;
+ }
+ else {
+ inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2);
+ }
+ return (inCertReq->controls == NULL) ? SECFailure : SECSuccess;
}
static SECStatus
-crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
- CRMFControl **destControl)
+crmf_add_new_control(CRMFCertRequest *inCertReq, SECOidTag inTag,
+ CRMFControl **destControl)
{
- SECOidData *oidData;
- SECStatus rv;
+ SECOidData *oidData;
+ SECStatus rv;
PLArenaPool *poolp;
- int numControls = 0;
+ int numControls = 0;
CRMFControl *newControl;
CRMFControl **controls;
- void *mark;
+ void *mark;
poolp = inCertReq->poolp;
if (poolp == NULL) {
@@ -44,7 +45,7 @@ crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
mark = PORT_ArenaMark(poolp);
if (inCertReq->controls != NULL) {
while (inCertReq->controls[numControls] != NULL)
- numControls++;
+ numControls++;
}
rv = crmf_modify_control_array(inCertReq, numControls);
if (rv != SECSuccess) {
@@ -52,7 +53,7 @@ crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
}
controls = inCertReq->controls;
oidData = SECOID_FindOIDByTag(inTag);
- newControl = *destControl = PORT_ArenaZNew(poolp,CRMFControl);
+ newControl = *destControl = PORT_ArenaZNew(poolp, CRMFControl);
if (newControl == NULL) {
goto loser;
}
@@ -62,24 +63,23 @@ crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
}
newControl->tag = inTag;
controls[numControls] = newControl;
- controls[numControls+1] = NULL;
+ controls[numControls + 1] = NULL;
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
*destControl = NULL;
return SECFailure;
-
}
static SECStatus
crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value,
- SECOidTag inTag)
+ SECOidTag inTag)
{
- SECStatus rv;
+ SECStatus rv;
CRMFControl *newControl;
- void *mark;
+ void *mark;
rv = crmf_add_new_control(inCertReq, inTag, &newControl);
if (rv != SECSuccess) {
@@ -89,7 +89,7 @@ crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value,
rv = SECITEM_CopyItem(inCertReq->poolp, &newControl->derValue, value);
if (rv != SECSuccess) {
PORT_ArenaRelease(inCertReq->poolp, mark);
- return rv;
+ return rv;
}
PORT_ArenaUnmark(inCertReq->poolp, mark);
return SECSuccess;
@@ -98,16 +98,16 @@ crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value,
SECStatus
CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, SECItem *value)
{
- return crmf_add_secitem_control(inCertReq, value,
- SEC_OID_PKIX_REGCTRL_REGTOKEN);
+ return crmf_add_secitem_control(inCertReq, value,
+ SEC_OID_PKIX_REGCTRL_REGTOKEN);
}
SECStatus
-CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq,
- SECItem *value)
+CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq,
+ SECItem *value)
{
- return crmf_add_secitem_control(inCertReq, value,
- SEC_OID_PKIX_REGCTRL_AUTHENTICATOR);
+ return crmf_add_secitem_control(inCertReq, value,
+ SEC_OID_PKIX_REGCTRL_AUTHENTICATOR);
}
SECStatus
@@ -115,32 +115,32 @@ crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, PRBool freeit)
{
if (inEncrValue != NULL) {
if (inEncrValue->intendedAlg) {
- SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE);
- inEncrValue->intendedAlg = NULL;
- }
- if (inEncrValue->symmAlg) {
- SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE);
- inEncrValue->symmAlg = NULL;
- }
+ SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE);
+ inEncrValue->intendedAlg = NULL;
+ }
+ if (inEncrValue->symmAlg) {
+ SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE);
+ inEncrValue->symmAlg = NULL;
+ }
if (inEncrValue->encSymmKey.data) {
- PORT_Free(inEncrValue->encSymmKey.data);
- inEncrValue->encSymmKey.data = NULL;
- }
- if (inEncrValue->keyAlg) {
- SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE);
- inEncrValue->keyAlg = NULL;
- }
- if (inEncrValue->valueHint.data) {
- PORT_Free(inEncrValue->valueHint.data);
- inEncrValue->valueHint.data = NULL;
- }
+ PORT_Free(inEncrValue->encSymmKey.data);
+ inEncrValue->encSymmKey.data = NULL;
+ }
+ if (inEncrValue->keyAlg) {
+ SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE);
+ inEncrValue->keyAlg = NULL;
+ }
+ if (inEncrValue->valueHint.data) {
+ PORT_Free(inEncrValue->valueHint.data);
+ inEncrValue->valueHint.data = NULL;
+ }
if (inEncrValue->encValue.data) {
- PORT_Free(inEncrValue->encValue.data);
- inEncrValue->encValue.data = NULL;
- }
- if (freeit) {
- PORT_Free(inEncrValue);
- }
+ PORT_Free(inEncrValue->encValue.data);
+ inEncrValue->encValue.data = NULL;
+ }
+ if (freeit) {
+ PORT_Free(inEncrValue);
+ }
}
return SECSuccess;
}
@@ -152,19 +152,19 @@ CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue)
}
SECStatus
-crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
- SECAlgorithmID *srcAlgId,
- SECAlgorithmID **destAlgId)
+crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
+ SECAlgorithmID *srcAlgId,
+ SECAlgorithmID **destAlgId)
{
SECAlgorithmID *newAlgId;
SECStatus rv;
newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
- PORT_ZNew(SECAlgorithmID);
+ PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
return SECFailure;
}
-
+
rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
if (rv != SECSuccess) {
if (!poolp) {
@@ -173,121 +173,121 @@ crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
return rv;
}
*destAlgId = newAlgId;
-
+
return rv;
}
SECStatus
-crmf_copy_encryptedvalue(PLArenaPool *poolp,
- CRMFEncryptedValue *srcValue,
- CRMFEncryptedValue *destValue)
+crmf_copy_encryptedvalue(PLArenaPool *poolp,
+ CRMFEncryptedValue *srcValue,
+ CRMFEncryptedValue *destValue)
{
- SECStatus rv;
+ SECStatus rv;
if (srcValue->intendedAlg != NULL) {
rv = crmf_copy_encryptedvalue_secalg(poolp,
- srcValue->intendedAlg,
- &destValue->intendedAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcValue->intendedAlg,
+ &destValue->intendedAlg);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcValue->symmAlg != NULL) {
- rv = crmf_copy_encryptedvalue_secalg(poolp,
- srcValue->symmAlg,
- &destValue->symmAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = crmf_copy_encryptedvalue_secalg(poolp,
+ srcValue->symmAlg,
+ &destValue->symmAlg);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcValue->encSymmKey.data != NULL) {
- rv = crmf_make_bitstring_copy(poolp,
- &destValue->encSymmKey,
- &srcValue->encSymmKey);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = crmf_make_bitstring_copy(poolp,
+ &destValue->encSymmKey,
+ &srcValue->encSymmKey);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcValue->keyAlg != NULL) {
rv = crmf_copy_encryptedvalue_secalg(poolp,
- srcValue->keyAlg,
- &destValue->keyAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcValue->keyAlg,
+ &destValue->keyAlg);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcValue->valueHint.data != NULL) {
- rv = SECITEM_CopyItem(poolp,
- &destValue->valueHint,
- &srcValue->valueHint);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = SECITEM_CopyItem(poolp,
+ &destValue->valueHint,
+ &srcValue->valueHint);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcValue->encValue.data != NULL) {
rv = crmf_make_bitstring_copy(poolp,
- &destValue->encValue,
- &srcValue->encValue);
- if (rv != SECSuccess) {
- goto loser;
- }
+ &destValue->encValue,
+ &srcValue->encValue);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
return SECSuccess;
- loser:
+loser:
if (poolp == NULL && destValue != NULL) {
crmf_destroy_encrypted_value(destValue, PR_FALSE);
}
return SECFailure;
}
-SECStatus
-crmf_copy_encryptedkey(PLArenaPool *poolp,
- CRMFEncryptedKey *srcEncrKey,
- CRMFEncryptedKey *destEncrKey)
+SECStatus
+crmf_copy_encryptedkey(PLArenaPool *poolp,
+ CRMFEncryptedKey *srcEncrKey,
+ CRMFEncryptedKey *destEncrKey)
{
- SECStatus rv;
- void *mark = NULL;
+ SECStatus rv;
+ void *mark = NULL;
if (poolp != NULL) {
mark = PORT_ArenaMark(poolp);
}
switch (srcEncrKey->encKeyChoice) {
- case crmfEncryptedValueChoice:
- rv = crmf_copy_encryptedvalue(poolp,
- &srcEncrKey->value.encryptedValue,
- &destEncrKey->value.encryptedValue);
- break;
- case crmfEnvelopedDataChoice:
- destEncrKey->value.envelopedData =
- SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData);
- rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess:
- SECFailure;
- break;
- default:
- rv = SECFailure;
+ case crmfEncryptedValueChoice:
+ rv = crmf_copy_encryptedvalue(poolp,
+ &srcEncrKey->value.encryptedValue,
+ &destEncrKey->value.encryptedValue);
+ break;
+ case crmfEnvelopedDataChoice:
+ destEncrKey->value.envelopedData =
+ SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData);
+ rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess :
+ SECFailure;
+ break;
+ default:
+ rv = SECFailure;
}
if (rv != SECSuccess) {
goto loser;
}
destEncrKey->encKeyChoice = srcEncrKey->encKeyChoice;
if (mark) {
- PORT_ArenaUnmark(poolp, mark);
+ PORT_ArenaUnmark(poolp, mark);
}
return SECSuccess;
- loser:
+loser:
if (mark) {
PORT_ArenaRelease(poolp, mark);
}
return SECFailure;
}
-static CRMFPKIArchiveOptions*
+static CRMFPKIArchiveOptions *
crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey)
{
CRMFPKIArchiveOptions *newArchOpt;
- SECStatus rv;
+ SECStatus rv;
newArchOpt = PORT_ZNew(CRMFPKIArchiveOptions);
if (newArchOpt == NULL) {
@@ -295,25 +295,25 @@ crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey)
}
rv = crmf_copy_encryptedkey(NULL, inEncryptedKey,
- &newArchOpt->option.encryptedKey);
-
+ &newArchOpt->option.encryptedKey);
+
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
newArchOpt->archOption = crmfEncryptedPrivateKey;
return newArchOpt;
- loser:
+loser:
if (newArchOpt != NULL) {
CRMF_DestroyPKIArchiveOptions(newArchOpt);
}
return NULL;
}
-static CRMFPKIArchiveOptions*
+static CRMFPKIArchiveOptions *
crmf_create_keygen_param_option(SECItem *inKeyGenParams)
{
CRMFPKIArchiveOptions *newArchOptions;
- SECStatus rv;
+ SECStatus rv;
newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
if (newArchOptions == NULL) {
@@ -321,23 +321,23 @@ crmf_create_keygen_param_option(SECItem *inKeyGenParams)
}
newArchOptions->archOption = crmfKeyGenParameters;
rv = SECITEM_CopyItem(NULL, &newArchOptions->option.keyGenParameters,
- inKeyGenParams);
+ inKeyGenParams);
if (rv != SECSuccess) {
goto loser;
}
return newArchOptions;
- loser:
+loser:
if (newArchOptions != NULL) {
CRMF_DestroyPKIArchiveOptions(newArchOptions);
}
return NULL;
}
-static CRMFPKIArchiveOptions*
+static CRMFPKIArchiveOptions *
crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey)
{
- unsigned char value;
- SECItem *dummy;
+ unsigned char value;
+ SECItem *dummy;
CRMFPKIArchiveOptions *newArchOptions;
value = (archiveRemGenPrivKey) ? hexTrue : hexFalse;
@@ -345,63 +345,63 @@ crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey)
if (newArchOptions == NULL) {
goto loser;
}
- dummy = SEC_ASN1EncodeItem(NULL,
- &newArchOptions->option.archiveRemGenPrivKey,
- &value, SEC_ASN1_GET(SEC_BooleanTemplate));
- PORT_Assert (dummy == &newArchOptions->option.archiveRemGenPrivKey);
+ dummy = SEC_ASN1EncodeItem(NULL,
+ &newArchOptions->option.archiveRemGenPrivKey,
+ &value, SEC_ASN1_GET(SEC_BooleanTemplate));
+ PORT_Assert(dummy == &newArchOptions->option.archiveRemGenPrivKey);
if (dummy != &newArchOptions->option.archiveRemGenPrivKey) {
- SECITEM_FreeItem (dummy, PR_TRUE);
- goto loser;
+ SECITEM_FreeItem(dummy, PR_TRUE);
+ goto loser;
}
newArchOptions->archOption = crmfArchiveRemGenPrivKey;
return newArchOptions;
- loser:
+loser:
if (newArchOptions != NULL) {
CRMF_DestroyPKIArchiveOptions(newArchOptions);
}
return NULL;
}
-CRMFPKIArchiveOptions*
+CRMFPKIArchiveOptions *
CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, void *data)
{
- CRMFPKIArchiveOptions* retOptions;
+ CRMFPKIArchiveOptions *retOptions;
PORT_Assert(data != NULL);
if (data == NULL) {
return NULL;
}
- switch(inType) {
- case crmfEncryptedPrivateKey:
- retOptions = crmf_create_encr_pivkey_option((CRMFEncryptedKey*)data);
- break;
- case crmfKeyGenParameters:
- retOptions = crmf_create_keygen_param_option((SECItem*)data);
- break;
- case crmfArchiveRemGenPrivKey:
- retOptions = crmf_create_arch_rem_gen_privkey(*(PRBool*)data);
- break;
- default:
- retOptions = NULL;
+ switch (inType) {
+ case crmfEncryptedPrivateKey:
+ retOptions = crmf_create_encr_pivkey_option((CRMFEncryptedKey *)data);
+ break;
+ case crmfKeyGenParameters:
+ retOptions = crmf_create_keygen_param_option((SECItem *)data);
+ break;
+ case crmfArchiveRemGenPrivKey:
+ retOptions = crmf_create_arch_rem_gen_privkey(*(PRBool *)data);
+ break;
+ default:
+ retOptions = NULL;
}
return retOptions;
}
static SECStatus
crmf_destroy_encrypted_key(CRMFEncryptedKey *inEncrKey, PRBool freeit)
-{
+{
PORT_Assert(inEncrKey != NULL);
if (inEncrKey != NULL) {
- switch (inEncrKey->encKeyChoice){
- case crmfEncryptedValueChoice:
- crmf_destroy_encrypted_value(&inEncrKey->value.encryptedValue,
- PR_FALSE);
- break;
- case crmfEnvelopedDataChoice:
- SEC_PKCS7DestroyContentInfo(inEncrKey->value.envelopedData);
- break;
- default:
- break;
+ switch (inEncrKey->encKeyChoice) {
+ case crmfEncryptedValueChoice:
+ crmf_destroy_encrypted_value(&inEncrKey->value.encryptedValue,
+ PR_FALSE);
+ break;
+ case crmfEnvelopedDataChoice:
+ SEC_PKCS7DestroyContentInfo(inEncrKey->value.envelopedData);
+ break;
+ default:
+ break;
}
if (freeit) {
PORT_Free(inEncrKey);
@@ -410,37 +410,37 @@ crmf_destroy_encrypted_key(CRMFEncryptedKey *inEncrKey, PRBool freeit)
return SECSuccess;
}
-SECStatus
-crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
- PRBool freeit)
+SECStatus
+crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
+ PRBool freeit)
{
PORT_Assert(inArchOptions != NULL);
if (inArchOptions != NULL) {
switch (inArchOptions->archOption) {
- case crmfEncryptedPrivateKey:
- crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey,
- PR_FALSE);
- break;
- case crmfKeyGenParameters:
- case crmfArchiveRemGenPrivKey:
- /* This is a union, so having a pointer to one is like
- * having a pointer to both.
- */
- SECITEM_FreeItem(&inArchOptions->option.keyGenParameters,
- PR_FALSE);
- break;
- case crmfNoArchiveOptions:
- break;
- }
- if (freeit) {
- PORT_Free(inArchOptions);
- }
+ case crmfEncryptedPrivateKey:
+ crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey,
+ PR_FALSE);
+ break;
+ case crmfKeyGenParameters:
+ case crmfArchiveRemGenPrivKey:
+ /* This is a union, so having a pointer to one is like
+ * having a pointer to both.
+ */
+ SECITEM_FreeItem(&inArchOptions->option.keyGenParameters,
+ PR_FALSE);
+ break;
+ case crmfNoArchiveOptions:
+ break;
+ }
+ if (freeit) {
+ PORT_Free(inArchOptions);
+ }
}
return SECSuccess;
}
SECStatus
-CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOptions)
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOptions)
{
return crmf_destroy_pkiarchiveoptions(inArchOptions, PR_TRUE);
}
@@ -449,24 +449,24 @@ static CK_MECHANISM_TYPE
crmf_get_non_pad_mechanism(CK_MECHANISM_TYPE type)
{
switch (type) {
- case CKM_DES3_CBC_PAD:
- return CKM_DES3_CBC;
- case CKM_CAST5_CBC_PAD:
- return CKM_CAST5_CBC;
- case CKM_DES_CBC_PAD:
- return CKM_DES_CBC;
- case CKM_IDEA_CBC_PAD:
- return CKM_IDEA_CBC;
- case CKM_CAST3_CBC_PAD:
- return CKM_CAST3_CBC;
- case CKM_CAST_CBC_PAD:
- return CKM_CAST_CBC;
- case CKM_RC5_CBC_PAD:
- return CKM_RC5_CBC;
- case CKM_RC2_CBC_PAD:
- return CKM_RC2_CBC;
- case CKM_CDMF_CBC_PAD:
- return CKM_CDMF_CBC;
+ case CKM_DES3_CBC_PAD:
+ return CKM_DES3_CBC;
+ case CKM_CAST5_CBC_PAD:
+ return CKM_CAST5_CBC;
+ case CKM_DES_CBC_PAD:
+ return CKM_DES_CBC;
+ case CKM_IDEA_CBC_PAD:
+ return CKM_IDEA_CBC;
+ case CKM_CAST3_CBC_PAD:
+ return CKM_CAST3_CBC;
+ case CKM_CAST_CBC_PAD:
+ return CKM_CAST_CBC;
+ case CKM_RC5_CBC_PAD:
+ return CKM_RC5_CBC;
+ case CKM_RC2_CBC_PAD:
+ return CKM_RC2_CBC;
+ case CKM_CDMF_CBC_PAD:
+ return CKM_CDMF_CBC;
}
return type;
}
@@ -474,8 +474,8 @@ crmf_get_non_pad_mechanism(CK_MECHANISM_TYPE type)
static CK_MECHANISM_TYPE
crmf_get_pad_mech_from_tag(SECOidTag oidTag)
{
- CK_MECHANISM_TYPE mechType;
- SECOidData *oidData;
+ CK_MECHANISM_TYPE mechType;
+ SECOidData *oidData;
oidData = SECOID_FindOIDByTag(oidTag);
mechType = (CK_MECHANISM_TYPE)oidData->mechanism;
@@ -483,24 +483,24 @@ crmf_get_pad_mech_from_tag(SECOidTag oidTag)
}
static CK_MECHANISM_TYPE
-crmf_get_best_privkey_wrap_mechanism(PK11SlotInfo *slot)
+crmf_get_best_privkey_wrap_mechanism(PK11SlotInfo *slot)
{
CK_MECHANISM_TYPE privKeyPadMechs[] = { CKM_DES3_CBC_PAD,
- CKM_CAST5_CBC_PAD,
- CKM_DES_CBC_PAD,
- CKM_IDEA_CBC_PAD,
- CKM_CAST3_CBC_PAD,
- CKM_CAST_CBC_PAD,
- CKM_RC5_CBC_PAD,
- CKM_RC2_CBC_PAD,
- CKM_CDMF_CBC_PAD };
- int mechCount = sizeof(privKeyPadMechs)/sizeof(privKeyPadMechs[0]);
+ CKM_CAST5_CBC_PAD,
+ CKM_DES_CBC_PAD,
+ CKM_IDEA_CBC_PAD,
+ CKM_CAST3_CBC_PAD,
+ CKM_CAST_CBC_PAD,
+ CKM_RC5_CBC_PAD,
+ CKM_RC2_CBC_PAD,
+ CKM_CDMF_CBC_PAD };
+ int mechCount = sizeof(privKeyPadMechs) / sizeof(privKeyPadMechs[0]);
int i;
- for (i=0; i < mechCount; i++) {
+ for (i = 0; i < mechCount; i++) {
if (PK11_DoesMechanism(slot, privKeyPadMechs[i])) {
- return privKeyPadMechs[i];
- }
+ return privKeyPadMechs[i];
+ }
}
return CKM_INVALID_MECHANISM;
}
@@ -511,12 +511,12 @@ CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot)
return crmf_get_best_privkey_wrap_mechanism(slot);
}
-static SECItem*
+static SECItem *
crmf_get_iv(CK_MECHANISM_TYPE mechType)
{
- int iv_size = PK11_GetIVLength(mechType);
- SECItem *iv;
- SECStatus rv;
+ int iv_size = PK11_GetIVLength(mechType);
+ SECItem *iv;
+ SECStatus rv;
iv = PORT_ZNew(SECItem);
if (iv == NULL) {
@@ -524,25 +524,25 @@ crmf_get_iv(CK_MECHANISM_TYPE mechType)
}
if (iv_size == 0) {
iv->data = NULL;
- iv->len = 0;
- return iv;
+ iv->len = 0;
+ return iv;
}
iv->data = PORT_NewArray(unsigned char, iv_size);
if (iv->data == NULL) {
iv->len = 0;
- return iv;
+ return iv;
}
iv->len = iv_size;
rv = PK11_GenerateRandom(iv->data, iv->len);
if (rv != SECSuccess) {
PORT_Free(iv->data);
- iv->data = NULL;
- iv->len = 0;
+ iv->data = NULL;
+ iv->len = 0;
}
return iv;
}
-SECItem*
+SECItem *
CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType)
{
return crmf_get_iv(mechType);
@@ -552,8 +552,7 @@ CK_MECHANISM_TYPE
crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey)
{
CERTSubjectPublicKeyInfo *spki = NULL;
- SECOidTag tag;
-
+ SECOidTag tag;
spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey);
if (spki == NULL) {
@@ -565,58 +564,59 @@ crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey)
return PK11_AlgtagToMechanism(tag);
}
-SECItem*
+SECItem *
crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest)
{
SECItem *src;
- switch(pubKey->keyType) {
- case dsaKey:
- src = &pubKey->u.dsa.publicValue;
- break;
- case rsaKey:
- src = &pubKey->u.rsa.modulus;
- break;
- case dhKey:
- src = &pubKey->u.dh.publicValue;
- break;
- default:
- src = NULL;
- break;
+ switch (pubKey->keyType) {
+ case dsaKey:
+ src = &pubKey->u.dsa.publicValue;
+ break;
+ case rsaKey:
+ src = &pubKey->u.rsa.modulus;
+ break;
+ case dhKey:
+ src = &pubKey->u.dh.publicValue;
+ break;
+ default:
+ src = NULL;
+ break;
}
if (!src) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
if (dest != NULL) {
- SECStatus rv = SECITEM_CopyItem(NULL, dest, src);
- if (rv != SECSuccess) {
- dest = NULL;
- }
- } else {
+ SECStatus rv = SECITEM_CopyItem(NULL, dest, src);
+ if (rv != SECSuccess) {
+ dest = NULL;
+ }
+ }
+ else {
dest = SECITEM_ArenaDupItem(NULL, src);
}
return dest;
}
-static SECItem*
+static SECItem *
crmf_decode_params(SECItem *inParams)
{
- SECItem *params;
- SECStatus rv = SECFailure;
+ SECItem *params;
+ SECStatus rv = SECFailure;
PLArenaPool *poolp;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
return NULL;
}
-
+
params = PORT_ArenaZNew(poolp, SECItem);
if (params) {
- rv = SEC_ASN1DecodeItem(poolp, params,
- SEC_ASN1_GET(SEC_OctetStringTemplate),
- inParams);
+ rv = SEC_ASN1DecodeItem(poolp, params,
+ SEC_ASN1_GET(SEC_OctetStringTemplate),
+ inParams);
}
params = (rv == SECSuccess) ? SECITEM_ArenaDupItem(NULL, params) : NULL;
PORT_FreeArena(poolp, PR_FALSE);
@@ -629,37 +629,38 @@ crmf_get_key_size_from_mech(CK_MECHANISM_TYPE mechType)
CK_MECHANISM_TYPE keyGen = PK11_GetKeyGen(mechType);
switch (keyGen) {
- case CKM_CDMF_KEY_GEN:
- case CKM_DES_KEY_GEN:
- return 8;
- case CKM_DES2_KEY_GEN:
- return 16;
- case CKM_DES3_KEY_GEN:
- return 24;
+ case CKM_CDMF_KEY_GEN:
+ case CKM_DES_KEY_GEN:
+ return 8;
+ case CKM_DES2_KEY_GEN:
+ return 16;
+ case CKM_DES3_KEY_GEN:
+ return 24;
}
return 0;
}
SECStatus
-crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
- CRMFEncryptedValue *encValue,
- SECKEYPrivateKey *privKey,
- SECKEYPublicKey *newPubKey,
- SECItem *nickname,
- PK11SlotInfo *slot,
- unsigned char keyUsage,
- SECKEYPrivateKey **unWrappedKey,
- void *wincx)
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
+ CRMFEncryptedValue *encValue,
+ SECKEYPrivateKey *privKey,
+ SECKEYPublicKey *newPubKey,
+ SECItem *nickname,
+ PK11SlotInfo *slot,
+ unsigned char keyUsage,
+ SECKEYPrivateKey **unWrappedKey,
+ void *wincx)
{
- PK11SymKey *wrappingKey = NULL;
- CK_MECHANISM_TYPE wrapMechType;
- SECOidTag oidTag;
- SECItem *params = NULL, *publicValue = NULL;
- int keySize, origLen;
- CK_KEY_TYPE keyType;
+ PK11SymKey *wrappingKey = NULL;
+ CK_MECHANISM_TYPE wrapMechType;
+ SECOidTag oidTag;
+ SECItem *params = NULL, *publicValue = NULL;
+ int keySize, origLen;
+ CK_KEY_TYPE keyType;
CK_ATTRIBUTE_TYPE *usage = NULL;
CK_ATTRIBUTE_TYPE rsaUsage[] = {
- CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER };
+ CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER
+ };
CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
int usageCount = 0;
@@ -667,108 +668,110 @@ crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
oidTag = SECOID_GetAlgorithmTag(encValue->symmAlg);
wrapMechType = crmf_get_pad_mech_from_tag(oidTag);
keySize = crmf_get_key_size_from_mech(wrapMechType);
- wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey,
- wrapMechType, CKA_UNWRAP, keySize);
+ wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey,
+ wrapMechType, CKA_UNWRAP, keySize);
if (wrappingKey == NULL) {
goto loser;
- }/* Make the length a byte length instead of bit length*/
- params = (encValue->symmAlg != NULL) ?
- crmf_decode_params(&encValue->symmAlg->parameters) : NULL;
+ } /* Make the length a byte length instead of bit length*/
+ params = (encValue->symmAlg != NULL) ?
+ crmf_decode_params(&encValue->symmAlg->parameters)
+ : NULL;
origLen = encValue->encValue.len;
encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen);
publicValue = crmf_get_public_value(newPubKey, NULL);
- switch(newPubKey->keyType) {
- default:
- case rsaKey:
- keyType = CKK_RSA;
- switch (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) {
- case KU_KEY_ENCIPHERMENT:
- usage = rsaUsage;
- usageCount = 2;
+ switch (newPubKey->keyType) {
+ default:
+ case rsaKey:
+ keyType = CKK_RSA;
+ switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) {
+ case KU_KEY_ENCIPHERMENT:
+ usage = rsaUsage;
+ usageCount = 2;
+ break;
+ case KU_DIGITAL_SIGNATURE:
+ usage = &rsaUsage[2];
+ usageCount = 2;
+ break;
+ case KU_KEY_ENCIPHERMENT |
+ KU_DIGITAL_SIGNATURE:
+ case 0: /* default to everything */
+ usage = rsaUsage;
+ usageCount = 4;
+ break;
+ }
break;
- case KU_DIGITAL_SIGNATURE:
- usage = &rsaUsage[2];
- usageCount = 2;
+ case dhKey:
+ keyType = CKK_DH;
+ usage = dhUsage;
+ usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]);
break;
- case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE:
- case 0: /* default to everything */
- usage = rsaUsage;
- usageCount = 4;
+ case dsaKey:
+ keyType = CKK_DSA;
+ usage = dsaUsage;
+ usageCount = sizeof(dsaUsage) / sizeof(dsaUsage[0]);
break;
- }
- break;
- case dhKey:
- keyType = CKK_DH;
- usage = dhUsage;
- usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]);
- break;
- case dsaKey:
- keyType = CKK_DSA;
- usage = dsaUsage;
- usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]);
- break;
}
PORT_Assert(usage != NULL);
PORT_Assert(usageCount != 0);
*unWrappedKey = PK11_UnwrapPrivKey(slot, wrappingKey, wrapMechType, params,
- &encValue->encValue, nickname,
- publicValue, PR_TRUE,PR_TRUE,
- keyType, usage, usageCount, wincx);
+ &encValue->encValue, nickname,
+ publicValue, PR_TRUE, PR_TRUE,
+ keyType, usage, usageCount, wincx);
encValue->encValue.len = origLen;
if (*unWrappedKey == NULL) {
goto loser;
}
- SECITEM_FreeItem (publicValue, PR_TRUE);
- if (params!= NULL) {
+ SECITEM_FreeItem(publicValue, PR_TRUE);
+ if (params != NULL) {
SECITEM_FreeItem(params, PR_TRUE);
- }
+ }
PK11_FreeSymKey(wrappingKey);
return SECSuccess;
- loser:
+loser:
*unWrappedKey = NULL;
return SECFailure;
}
CRMFEncryptedValue *
-crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inCAKey,
- CRMFEncryptedValue *destValue)
+crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inCAKey,
+ CRMFEncryptedValue *destValue)
{
- SECItem wrappedPrivKey, wrappedSymKey;
- SECItem encodedParam, *dummy;
- SECStatus rv;
- CK_MECHANISM_TYPE pubMechType, symKeyType;
- unsigned char *wrappedSymKeyBits;
- unsigned char *wrappedPrivKeyBits;
- SECItem *iv = NULL;
- SECOidTag tag;
- PK11SymKey *symKey;
- PK11SlotInfo *slot;
- SECAlgorithmID *symmAlg;
- CRMFEncryptedValue *myEncrValue = NULL;
+ SECItem wrappedPrivKey, wrappedSymKey;
+ SECItem encodedParam, *dummy;
+ SECStatus rv;
+ CK_MECHANISM_TYPE pubMechType, symKeyType;
+ unsigned char *wrappedSymKeyBits;
+ unsigned char *wrappedPrivKeyBits;
+ SECItem *iv = NULL;
+ SECOidTag tag;
+ PK11SymKey *symKey;
+ PK11SlotInfo *slot;
+ SECAlgorithmID *symmAlg;
+ CRMFEncryptedValue *myEncrValue = NULL;
encodedParam.data = NULL;
- wrappedSymKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
+ wrappedSymKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
wrappedPrivKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
if (wrappedSymKeyBits == NULL || wrappedPrivKeyBits == NULL) {
goto loser;
}
if (destValue == NULL) {
myEncrValue = destValue = PORT_ZNew(CRMFEncryptedValue);
- if (destValue == NULL) {
- goto loser;
- }
+ if (destValue == NULL) {
+ goto loser;
+ }
}
pubMechType = crmf_get_mechanism_from_public_key(inCAKey);
if (pubMechType == CKM_INVALID_MECHANISM) {
- /* XXX I should probably do something here for non-RSA
- * keys that are in certs. (ie DSA)
- * XXX or at least SET AN ERROR CODE.
- */
+ /* XXX I should probably do something here for non-RSA
+ * keys that are in certs. (ie DSA)
+ * XXX or at least SET AN ERROR CODE.
+ */
goto loser;
}
- slot = inPrivKey->pkcs11Slot;
+ slot = inPrivKey->pkcs11Slot;
PORT_Assert(slot != NULL);
symKeyType = crmf_get_best_privkey_wrap_mechanism(slot);
symKey = PK11_KeyGen(slot, symKeyType, NULL, 0, NULL);
@@ -777,7 +780,7 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
}
wrappedSymKey.data = wrappedSymKeyBits;
- wrappedSymKey.len = MAX_WRAPPED_KEY_LEN;
+ wrappedSymKey.len = MAX_WRAPPED_KEY_LEN;
rv = PK11_PubWrapSymKey(pubMechType, inCAKey, symKey, &wrappedSymKey);
if (rv != SECSuccess) {
goto loser;
@@ -786,26 +789,26 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
wrappedSymKey.len <<= 3;
wrappedPrivKey.data = wrappedPrivKeyBits;
- wrappedPrivKey.len = MAX_WRAPPED_KEY_LEN;
+ wrappedPrivKey.len = MAX_WRAPPED_KEY_LEN;
iv = crmf_get_iv(symKeyType);
- rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv,
- &wrappedPrivKey, NULL);
+ rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv,
+ &wrappedPrivKey, NULL);
PK11_FreeSymKey(symKey);
if (rv != SECSuccess) {
goto loser;
}
/* Make the length of the result a Bit String length. */
wrappedPrivKey.len <<= 3;
- rv = crmf_make_bitstring_copy(NULL,
- &destValue->encValue,
- &wrappedPrivKey);
+ rv = crmf_make_bitstring_copy(NULL,
+ &destValue->encValue,
+ &wrappedPrivKey);
if (rv != SECSuccess) {
goto loser;
}
rv = crmf_make_bitstring_copy(NULL,
- &destValue->encSymmKey,
- &wrappedSymKey);
+ &destValue->encSymmKey,
+ &wrappedSymKey);
if (rv != SECSuccess) {
goto loser;
}
@@ -814,11 +817,11 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
goto loser;
}
- dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv,
+ dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv,
SEC_ASN1_GET(SEC_OctetStringTemplate));
if (dummy != &encodedParam) {
SECITEM_FreeItem(dummy, PR_TRUE);
- goto loser;
+ goto loser;
}
symKeyType = crmf_get_non_pad_mechanism(symKeyType);
@@ -832,9 +835,9 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
PORT_Free(wrappedSymKeyBits);
SECITEM_FreeItem(iv, PR_TRUE);
return destValue;
- loser:
+loser:
if (iv != NULL) {
- SECITEM_FreeItem(iv, PR_TRUE);
+ SECITEM_FreeItem(iv, PR_TRUE);
}
if (myEncrValue != NULL) {
crmf_destroy_encrypted_value(myEncrValue, PR_TRUE);
@@ -846,17 +849,17 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
PORT_Free(wrappedPrivKeyBits);
}
if (encodedParam.data != NULL) {
- SECITEM_FreeItem(&encodedParam, PR_FALSE);
+ SECITEM_FreeItem(&encodedParam, PR_FALSE);
}
return NULL;
}
-CRMFEncryptedKey*
-CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey,
- CERTCertificate *inCACert)
+CRMFEncryptedKey *
+CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
+ CERTCertificate *inCACert)
{
- SECKEYPublicKey *caPubKey = NULL;
- CRMFEncryptedKey *encKey = NULL;
+ SECKEYPublicKey *caPubKey = NULL;
+ CRMFEncryptedKey *encKey = NULL;
PORT_Assert(inPrivKey != NULL && inCACert != NULL);
if (inPrivKey == NULL || inCACert == NULL) {
@@ -883,13 +886,13 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey,
crmf_create_encrypted_value_wrapped_privkey(
inPrivKey, caPubKey, &encKey->value.encryptedValue);
#endif
- /* We won't add the der value here, but rather when it
+ /* We won't add the der value here, but rather when it
* becomes part of a certificate request.
*/
SECKEY_DestroyPublicKey(caPubKey);
encKey->encKeyChoice = crmfEncryptedValueChoice;
return encKey;
- loser:
+loser:
if (encKey != NULL) {
CRMF_DestroyEncryptedKey(encKey);
}
@@ -906,29 +909,29 @@ CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey)
}
SECStatus
-crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
- CRMFPKIArchiveOptions *destOpt,
- CRMFPKIArchiveOptions *srcOpt)
+crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
+ CRMFPKIArchiveOptions *destOpt,
+ CRMFPKIArchiveOptions *srcOpt)
{
SECStatus rv;
destOpt->archOption = srcOpt->archOption;
switch (srcOpt->archOption) {
- case crmfEncryptedPrivateKey:
- rv = crmf_copy_encryptedkey(poolp,
- &srcOpt->option.encryptedKey,
- &destOpt->option.encryptedKey);
- break;
- case crmfKeyGenParameters:
- case crmfArchiveRemGenPrivKey:
- /* We've got a union, so having a pointer to one is just
- * like having a pointer to the other one.
- */
- rv = SECITEM_CopyItem(poolp,
- &destOpt->option.keyGenParameters,
- &srcOpt->option.keyGenParameters);
- break;
- default:
- rv = SECFailure;
+ case crmfEncryptedPrivateKey:
+ rv = crmf_copy_encryptedkey(poolp,
+ &srcOpt->option.encryptedKey,
+ &destOpt->option.encryptedKey);
+ break;
+ case crmfKeyGenParameters:
+ case crmfArchiveRemGenPrivKey:
+ /* We've got a union, so having a pointer to one is just
+ * like having a pointer to the other one.
+ */
+ rv = SECITEM_CopyItem(poolp,
+ &destOpt->option.keyGenParameters,
+ &srcOpt->option.keyGenParameters);
+ break;
+ default:
+ rv = SECFailure;
}
return rv;
}
@@ -940,23 +943,23 @@ crmf_check_and_adjust_archoption(CRMFControl *inControl)
options = &inControl->value.archiveOptions;
if (options->archOption == crmfNoArchiveOptions) {
- /* It hasn't been set, so figure it out from the
- * der.
- */
+ /* It hasn't been set, so figure it out from the
+ * der.
+ */
switch (inControl->derValue.data[0] & 0x0f) {
- case 0:
- options->archOption = crmfEncryptedPrivateKey;
- break;
- case 1:
- options->archOption = crmfKeyGenParameters;
- break;
- case 2:
- options->archOption = crmfArchiveRemGenPrivKey;
- break;
- default:
- /* We've got bad DER. Return an error. */
- return SECFailure;
- }
+ case 0:
+ options->archOption = crmfEncryptedPrivateKey;
+ break;
+ case 1:
+ options->archOption = crmfKeyGenParameters;
+ break;
+ case 2:
+ options->archOption = crmfArchiveRemGenPrivKey;
+ break;
+ default:
+ /* We've got bad DER. Return an error. */
+ return SECFailure;
+ }
}
return SECSuccess;
}
@@ -965,10 +968,10 @@ static const SEC_ASN1Template *
crmf_get_pkiarchive_subtemplate(CRMFControl *inControl)
{
const SEC_ASN1Template *retTemplate;
- SECStatus rv;
+ SECStatus rv;
/*
* We could be in the process of decoding, in which case the
- * archOption field will not be set. Let's check it and set
+ * archOption field will not be set. Let's check it and set
* it accordingly.
*/
@@ -978,38 +981,38 @@ crmf_get_pkiarchive_subtemplate(CRMFControl *inControl)
}
switch (inControl->value.archiveOptions.archOption) {
- case crmfEncryptedPrivateKey:
- retTemplate = CRMFEncryptedKeyWithEncryptedValueTemplate;
- inControl->value.archiveOptions.option.encryptedKey.encKeyChoice =
- crmfEncryptedValueChoice;
- break;
- default:
- retTemplate = NULL;
+ case crmfEncryptedPrivateKey:
+ retTemplate = CRMFEncryptedKeyWithEncryptedValueTemplate;
+ inControl->value.archiveOptions.option.encryptedKey.encKeyChoice =
+ crmfEncryptedValueChoice;
+ break;
+ default:
+ retTemplate = NULL;
}
return retTemplate;
}
-const SEC_ASN1Template*
+const SEC_ASN1Template *
crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl)
{
const SEC_ASN1Template *retTemplate;
switch (inControl->tag) {
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
- break;
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- retTemplate = crmf_get_pkiarchive_subtemplate(inControl);
- break;
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- /* We don't support these controls, so we fail for now.*/
- retTemplate = NULL;
- break;
- default:
- retTemplate = NULL;
+ case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+ case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+ retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
+ break;
+ case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+ retTemplate = crmf_get_pkiarchive_subtemplate(inControl);
+ break;
+ case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+ case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+ case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+ /* We don't support these controls, so we fail for now.*/
+ retTemplate = NULL;
+ break;
+ default:
+ retTemplate = NULL;
}
return retTemplate;
}
@@ -1020,7 +1023,7 @@ crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl)
const SEC_ASN1Template *asn1Template;
asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
- /* We've got a union, so passing a pointer to one element of the
+ /* We've got a union, so passing a pointer to one element of the
* union, is the same as passing a pointer to any of the other
* members of the union.
*/
@@ -1031,46 +1034,46 @@ crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl)
goto loser;
}
return SECSuccess;
- loser:
+loser:
return SECFailure;
}
SECStatus
-CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
- CRMFPKIArchiveOptions *inOptions)
+CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
+ CRMFPKIArchiveOptions *inOptions)
{
CRMFControl *newControl;
PLArenaPool *poolp;
- SECStatus rv;
- void *mark;
-
+ SECStatus rv;
+ void *mark;
+
PORT_Assert(inCertReq != NULL && inOptions != NULL);
if (inCertReq == NULL || inOptions == NULL) {
return SECFailure;
}
poolp = inCertReq->poolp;
mark = PORT_ArenaMark(poolp);
- rv = crmf_add_new_control(inCertReq,
- SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
- &newControl);
+ rv = crmf_add_new_control(inCertReq,
+ SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
+ &newControl);
if (rv != SECSuccess) {
goto loser;
}
- rv = crmf_copy_pkiarchiveoptions(poolp,
- &newControl->value.archiveOptions,
- inOptions);
+ rv = crmf_copy_pkiarchiveoptions(poolp,
+ &newControl->value.archiveOptions,
+ inOptions);
if (rv != SECSuccess) {
goto loser;
}
- rv = crmf_encode_pkiarchiveoptions(poolp, newControl);
+ rv = crmf_encode_pkiarchiveoptions(poolp, newControl);
if (rv != SECSuccess) {
goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
@@ -1082,25 +1085,25 @@ crmf_destroy_control(CRMFControl *inControl, PRBool freeit)
if (inControl != NULL) {
SECITEM_FreeItem(&inControl->derTag, PR_FALSE);
SECITEM_FreeItem(&inControl->derValue, PR_FALSE);
- /* None of the other tags require special processing at
- * the moment when freeing because they are not supported,
- * but if/when they are, add the necessary routines here.
- * If all controls are supported, then every member of the
- * union inControl->value will have a case that deals with
- * it in the following switch statement.
- */
- switch (inControl->tag) {
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- crmf_destroy_pkiarchiveoptions(&inControl->value.archiveOptions,
- PR_FALSE);
- break;
- default:
- /* Put this here to get rid of all those annoying warnings.*/
- break;
- }
- if (freeit) {
- PORT_Free(inControl);
- }
+ /* None of the other tags require special processing at
+ * the moment when freeing because they are not supported,
+ * but if/when they are, add the necessary routines here.
+ * If all controls are supported, then every member of the
+ * union inControl->value will have a case that deals with
+ * it in the following switch statement.
+ */
+ switch (inControl->tag) {
+ case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+ crmf_destroy_pkiarchiveoptions(&inControl->value.archiveOptions,
+ PR_FALSE);
+ break;
+ default:
+ /* Put this here to get rid of all those annoying warnings.*/
+ break;
+ }
+ if (freeit) {
+ PORT_Free(inControl);
+ }
}
return SECSuccess;
}
@@ -1116,49 +1119,48 @@ crmf_controltype_to_tag(CRMFControlType inControlType)
{
SECOidTag retVal;
- switch(inControlType) {
- case crmfRegTokenControl:
- retVal = SEC_OID_PKIX_REGCTRL_REGTOKEN;
- break;
- case crmfAuthenticatorControl:
- retVal = SEC_OID_PKIX_REGCTRL_AUTHENTICATOR;
- break;
- case crmfPKIPublicationInfoControl:
- retVal = SEC_OID_PKIX_REGCTRL_PKIPUBINFO;
- break;
- case crmfPKIArchiveOptionsControl:
- retVal = SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS;
- break;
- case crmfOldCertIDControl:
- retVal = SEC_OID_PKIX_REGCTRL_OLD_CERT_ID;
- break;
- case crmfProtocolEncrKeyControl:
- retVal = SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY;
- break;
- default:
- retVal = SEC_OID_UNKNOWN;
- break;
+ switch (inControlType) {
+ case crmfRegTokenControl:
+ retVal = SEC_OID_PKIX_REGCTRL_REGTOKEN;
+ break;
+ case crmfAuthenticatorControl:
+ retVal = SEC_OID_PKIX_REGCTRL_AUTHENTICATOR;
+ break;
+ case crmfPKIPublicationInfoControl:
+ retVal = SEC_OID_PKIX_REGCTRL_PKIPUBINFO;
+ break;
+ case crmfPKIArchiveOptionsControl:
+ retVal = SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS;
+ break;
+ case crmfOldCertIDControl:
+ retVal = SEC_OID_PKIX_REGCTRL_OLD_CERT_ID;
+ break;
+ case crmfProtocolEncrKeyControl:
+ retVal = SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY;
+ break;
+ default:
+ retVal = SEC_OID_UNKNOWN;
+ break;
}
return retVal;
}
PRBool
CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
- CRMFControlType inControlType)
+ CRMFControlType inControlType)
{
SECOidTag controlTag;
- int i;
+ int i;
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL || inCertReq->controls == NULL) {
return PR_FALSE;
}
controlTag = crmf_controltype_to_tag(inControlType);
- for (i=0; inCertReq->controls[i] != NULL; i++) {
+ for (i = 0; inCertReq->controls[i] != NULL; i++) {
if (inCertReq->controls[i]->tag == controlTag) {
- return PR_TRUE;
- }
+ return PR_TRUE;
+ }
}
return PR_FALSE;
}
-
diff --git a/lib/crmf/crmfdec.c b/lib/crmf/crmfdec.c
index 6be165fa7..ac6e87268 100644
--- a/lib/crmf/crmfdec.c
+++ b/lib/crmf/crmfdec.c
@@ -3,7 +3,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include "crmf.h"
#include "crmfi.h"
#include "secitem.h"
@@ -14,35 +13,35 @@ crmf_get_popchoice_from_der(SECItem *derPOP)
CRMFPOPChoice retChoice;
switch (derPOP->data[0] & 0x0f) {
- case 0:
- retChoice = crmfRAVerified;
- break;
- case 1:
- retChoice = crmfSignature;
- break;
- case 2:
- retChoice = crmfKeyEncipherment;
- break;
- case 3:
- retChoice = crmfKeyAgreement;
- break;
- default:
- retChoice = crmfNoPOPChoice;
- break;
+ case 0:
+ retChoice = crmfRAVerified;
+ break;
+ case 1:
+ retChoice = crmfSignature;
+ break;
+ case 2:
+ retChoice = crmfKeyEncipherment;
+ break;
+ case 3:
+ retChoice = crmfKeyAgreement;
+ break;
+ default:
+ retChoice = crmfNoPOPChoice;
+ break;
}
return retChoice;
}
static SECStatus
crmf_decode_process_raverified(CRMFCertReqMsg *inCertReqMsg)
-{
+{
CRMFProofOfPossession *pop;
/* Just set up the structure so that the message structure
* looks like one that was created using the API
*/
pop = inCertReqMsg->pop;
pop->popChoice.raVerified.data = NULL;
- pop->popChoice.raVerified.len = 0;
+ pop->popChoice.raVerified.len = 0;
return SECSuccess;
}
@@ -51,14 +50,14 @@ crmf_decode_process_signature(CRMFCertReqMsg *inCertReqMsg)
{
PORT_Assert(inCertReqMsg->poolp);
if (!inCertReqMsg->poolp) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SEC_ASN1Decode(inCertReqMsg->poolp,
- &inCertReqMsg->pop->popChoice.signature,
- CRMFPOPOSigningKeyTemplate,
- (const char*)inCertReqMsg->derPOP.data,
- inCertReqMsg->derPOP.len);
+ &inCertReqMsg->pop->popChoice.signature,
+ CRMFPOPOSigningKeyTemplate,
+ (const char *)inCertReqMsg->derPOP.data,
+ inCertReqMsg->derPOP.len);
}
static CRMFPOPOPrivKeyChoice
@@ -67,17 +66,17 @@ crmf_get_messagechoice_from_der(SECItem *derPOP)
CRMFPOPOPrivKeyChoice retChoice;
switch (derPOP->data[2] & 0x0f) {
- case 0:
- retChoice = crmfThisMessage;
- break;
- case 1:
- retChoice = crmfSubsequentMessage;
- break;
- case 2:
- retChoice = crmfDHMAC;
- break;
- default:
- retChoice = crmfNoMessage;
+ case 0:
+ retChoice = crmfThisMessage;
+ break;
+ case 1:
+ retChoice = crmfSubsequentMessage;
+ break;
+ case 2:
+ retChoice = crmfDHMAC;
+ break;
+ default:
+ retChoice = crmfNoMessage;
}
return retChoice;
}
@@ -86,13 +85,13 @@ static SECStatus
crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg)
{
/* We've got a union, so a pointer to one POPOPrivKey
- * struct is the same as having a pointer to the other
+ * struct is the same as having a pointer to the other
* one.
*/
- CRMFPOPOPrivKey *popoPrivKey =
- &inCertReqMsg->pop->popChoice.keyEncipherment;
- SECItem *derPOP, privKeyDer;
- SECStatus rv;
+ CRMFPOPOPrivKey *popoPrivKey =
+ &inCertReqMsg->pop->popChoice.keyEncipherment;
+ SECItem *derPOP, privKeyDer;
+ SECStatus rv;
derPOP = &inCertReqMsg->derPOP;
popoPrivKey->messageChoice = crmf_get_messagechoice_from_der(derPOP);
@@ -101,37 +100,36 @@ crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg)
}
/* If we ever encounter BER encodings of this, we'll get in trouble*/
switch (popoPrivKey->messageChoice) {
- case crmfThisMessage:
- case crmfDHMAC:
- privKeyDer.type = derPOP->type;
- privKeyDer.data = &derPOP->data[5];
- privKeyDer.len = derPOP->len - 5;
- break;
- case crmfSubsequentMessage:
- privKeyDer.type = derPOP->type;
- privKeyDer.data = &derPOP->data[4];
- privKeyDer.len = derPOP->len - 4;
- break;
- default:
- return SECFailure;
+ case crmfThisMessage:
+ case crmfDHMAC:
+ privKeyDer.type = derPOP->type;
+ privKeyDer.data = &derPOP->data[5];
+ privKeyDer.len = derPOP->len - 5;
+ break;
+ case crmfSubsequentMessage:
+ privKeyDer.type = derPOP->type;
+ privKeyDer.data = &derPOP->data[4];
+ privKeyDer.len = derPOP->len - 4;
+ break;
+ default:
+ return SECFailure;
}
- rv = SECITEM_CopyItem(inCertReqMsg->poolp,
- &popoPrivKey->message.subsequentMessage,
- &privKeyDer);
+ rv = SECITEM_CopyItem(inCertReqMsg->poolp,
+ &popoPrivKey->message.subsequentMessage,
+ &privKeyDer);
if (rv != SECSuccess) {
return rv;
}
if (popoPrivKey->messageChoice == crmfThisMessage ||
- popoPrivKey->messageChoice == crmfDHMAC) {
+ popoPrivKey->messageChoice == crmfDHMAC) {
- popoPrivKey->message.thisMessage.len =
- CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4];
-
+ popoPrivKey->message.thisMessage.len =
+ CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4];
}
- return SECSuccess;
+ return SECSuccess;
}
static SECStatus
@@ -149,11 +147,11 @@ crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg)
if (rv != SECSuccess) {
return rv;
}
- if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice ==
- crmfDHMAC) {
+ if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice ==
+ crmfDHMAC) {
/* Key Encipherment can not use the dhMAC option for
- * POPOPrivKey.
- */
+ * POPOPrivKey.
+ */
return SECFailure;
}
return SECSuccess;
@@ -162,100 +160,99 @@ crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg)
static SECStatus
crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg)
{
- SECItem *derPOP;
- PLArenaPool *poolp;
- CRMFProofOfPossession *pop;
- void *mark;
- SECStatus rv;
-
- derPOP = &inCertReqMsg->derPOP;
- poolp = inCertReqMsg->poolp;
- if (derPOP->data == NULL) {
- /* There is no Proof of Possession field in this message. */
- return SECSuccess;
- }
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = crmf_get_popchoice_from_der(derPOP);
- if (pop->popUsed == crmfNoPOPChoice) {
- /* A bad encoding of CRMF. Not a valid tag was given to the
- * Proof Of Possession field.
- */
- goto loser;
- }
- inCertReqMsg->pop = pop;
- switch (pop->popUsed) {
- case crmfRAVerified:
- rv = crmf_decode_process_raverified(inCertReqMsg);
- break;
- case crmfSignature:
- rv = crmf_decode_process_signature(inCertReqMsg);
- break;
- case crmfKeyEncipherment:
- rv = crmf_decode_process_keyencipherment(inCertReqMsg);
- break;
- case crmfKeyAgreement:
- rv = crmf_decode_process_keyagreement(inCertReqMsg);
- break;
- default:
- rv = SECFailure;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- inCertReqMsg->pop = NULL;
- return SECFailure;
-
+ SECItem *derPOP;
+ PLArenaPool *poolp;
+ CRMFProofOfPossession *pop;
+ void *mark;
+ SECStatus rv;
+
+ derPOP = &inCertReqMsg->derPOP;
+ poolp = inCertReqMsg->poolp;
+ if (derPOP->data == NULL) {
+ /* There is no Proof of Possession field in this message. */
+ return SECSuccess;
+ }
+ mark = PORT_ArenaMark(poolp);
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
+ pop->popUsed = crmf_get_popchoice_from_der(derPOP);
+ if (pop->popUsed == crmfNoPOPChoice) {
+ /* A bad encoding of CRMF. Not a valid tag was given to the
+ * Proof Of Possession field.
+ */
+ goto loser;
+ }
+ inCertReqMsg->pop = pop;
+ switch (pop->popUsed) {
+ case crmfRAVerified:
+ rv = crmf_decode_process_raverified(inCertReqMsg);
+ break;
+ case crmfSignature:
+ rv = crmf_decode_process_signature(inCertReqMsg);
+ break;
+ case crmfKeyEncipherment:
+ rv = crmf_decode_process_keyencipherment(inCertReqMsg);
+ break;
+ case crmfKeyAgreement:
+ rv = crmf_decode_process_keyagreement(inCertReqMsg);
+ break;
+ default:
+ rv = SECFailure;
+ }
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ inCertReqMsg->pop = NULL;
+ return SECFailure;
}
static SECStatus
crmf_decode_process_single_control(PLArenaPool *poolp,
- CRMFControl *inControl)
+ CRMFControl *inControl)
{
const SEC_ASN1Template *asn1Template = NULL;
inControl->tag = SECOID_FindOIDTag(&inControl->derTag);
asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
- PORT_Assert (asn1Template != NULL);
- PORT_Assert (poolp != NULL);
+ PORT_Assert(asn1Template != NULL);
+ PORT_Assert(poolp != NULL);
if (!asn1Template || !poolp) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* We've got a union, so passing a pointer to one element of the
* union is the same as passing a pointer to any of the other
* members of the union.
*/
- return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions,
- asn1Template, (const char*)inControl->derValue.data,
- inControl->derValue.len);
+ return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions,
+ asn1Template, (const char *)inControl->derValue.data,
+ inControl->derValue.len);
}
-static SECStatus
+static SECStatus
crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg)
{
- int i, numControls;
- SECStatus rv;
- PLArenaPool *poolp;
+ int i, numControls;
+ SECStatus rv;
+ PLArenaPool *poolp;
CRMFControl **controls;
-
+
numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq);
controls = inCertReqMsg->certReq->controls;
- poolp = inCertReqMsg->poolp;
- for (i=0; i < numControls; i++) {
+ poolp = inCertReqMsg->poolp;
+ for (i = 0; i < numControls; i++) {
rv = crmf_decode_process_single_control(poolp, controls[i]);
- if (rv != SECSuccess) {
- return SECFailure;
- }
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
}
return SECSuccess;
}
@@ -274,26 +271,26 @@ crmf_decode_process_single_reqmsg(CRMFCertReqMsg *inCertReqMsg)
if (rv != SECSuccess) {
goto loser;
}
- inCertReqMsg->certReq->certTemplate.numExtensions =
+ inCertReqMsg->certReq->certTemplate.numExtensions =
CRMF_CertRequestGetNumberOfExtensions(inCertReqMsg->certReq);
inCertReqMsg->isDecoded = PR_TRUE;
rv = SECSuccess;
- loser:
+loser:
return rv;
}
-CRMFCertReqMsg*
-CRMF_CreateCertReqMsgFromDER (const char * buf, long len)
+CRMFCertReqMsg *
+CRMF_CreateCertReqMsgFromDER(const char *buf, long len)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CRMFCertReqMsg *certReqMsg;
- SECStatus rv;
+ SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
goto loser;
}
- certReqMsg = PORT_ArenaZNew (poolp, CRMFCertReqMsg);
+ certReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
if (certReqMsg == NULL) {
goto loser;
}
@@ -309,27 +306,27 @@ CRMF_CreateCertReqMsgFromDER (const char * buf, long len)
}
return certReqMsg;
- loser:
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
-CRMFCertReqMessages*
+CRMFCertReqMessages *
CRMF_CreateCertReqMessagesFromDER(const char *buf, long len)
{
- long arenaSize;
- int i;
- SECStatus rv;
- PLArenaPool *poolp;
+ long arenaSize;
+ int i;
+ SECStatus rv;
+ PLArenaPool *poolp;
CRMFCertReqMessages *certReqMsgs;
- PORT_Assert (buf != NULL);
+ PORT_Assert(buf != NULL);
/* Wanna make sure the arena is big enough to store all of the requests
* coming in. We'll guestimate according to the length of the buffer.
*/
- arenaSize = len + len/2;
+ arenaSize = len + len / 2;
poolp = PORT_NewArena(arenaSize);
if (poolp == NULL) {
return NULL;
@@ -340,24 +337,24 @@ CRMF_CreateCertReqMessagesFromDER(const char *buf, long len)
}
certReqMsgs->poolp = poolp;
rv = SEC_ASN1Decode(poolp, certReqMsgs, CRMFCertReqMessagesTemplate,
- buf, len);
+ buf, len);
if (rv != SECSuccess) {
goto loser;
}
- for (i=0; certReqMsgs->messages[i] != NULL; i++) {
- /* The sub-routines expect the individual messages to have
- * an arena. We'll give them one temporarily.
- */
+ for (i = 0; certReqMsgs->messages[i] != NULL; i++) {
+ /* The sub-routines expect the individual messages to have
+ * an arena. We'll give them one temporarily.
+ */
certReqMsgs->messages[i]->poolp = poolp;
rv = crmf_decode_process_single_reqmsg(certReqMsgs->messages[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
+ if (rv != SECSuccess) {
+ goto loser;
+ }
certReqMsgs->messages[i]->poolp = NULL;
}
return certReqMsgs;
- loser:
+loser:
PORT_FreeArena(poolp, PR_FALSE);
return NULL;
}
diff --git a/lib/crmf/crmfenc.c b/lib/crmf/crmfenc.c
index bf3601836..6d01a45ce 100644
--- a/lib/crmf/crmfenc.c
+++ b/lib/crmf/crmfenc.c
@@ -3,53 +3,46 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include "crmf.h"
#include "crmfi.h"
-SECStatus
-CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg,
- CRMFEncoderOutputCallback fn,
- void *arg)
+SECStatus
+CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg,
+ CRMFEncoderOutputCallback fn,
+ void *arg)
{
struct crmfEncoderOutput output;
- output.fn = fn;
+ output.fn = fn;
output.outputArg = arg;
- return SEC_ASN1Encode(inCertReqMsg,CRMFCertReqMsgTemplate,
- crmf_encoder_out, &output);
-
+ return SEC_ASN1Encode(inCertReqMsg, CRMFCertReqMsgTemplate,
+ crmf_encoder_out, &output);
}
-
SECStatus
-CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq,
- CRMFEncoderOutputCallback fn,
- void *arg)
+CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq,
+ CRMFEncoderOutputCallback fn,
+ void *arg)
{
struct crmfEncoderOutput output;
- output.fn = fn;
+ output.fn = fn;
output.outputArg = arg;
- return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
- crmf_encoder_out, &output);
+ return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
+ crmf_encoder_out, &output);
}
SECStatus
-CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
- CRMFEncoderOutputCallback fn,
- void *arg)
+CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
+ CRMFEncoderOutputCallback fn,
+ void *arg)
{
struct crmfEncoderOutput output;
CRMFCertReqMessages msgs;
-
- output.fn = fn;
+
+ output.fn = fn;
output.outputArg = arg;
msgs.messages = inCertReqMsgs;
return SEC_ASN1Encode(&msgs, CRMFCertReqMessagesTemplate,
- crmf_encoder_out, &output);
+ crmf_encoder_out, &output);
}
-
-
-
-
diff --git a/lib/crmf/crmffut.h b/lib/crmf/crmffut.h
index bde8241f0..d6f937438 100644
--- a/lib/crmf/crmffut.h
+++ b/lib/crmf/crmffut.h
@@ -8,112 +8,111 @@
*/
/*
- * Use this function to create the CRMFSinglePubInfo* variables that will
+ * Use this function to create the CRMFSinglePubInfo* variables that will
* populate the inPubInfoArray parameter for the function
* CRMF_CreatePKIPublicationInfo.
*
* "inPubMethod" specifies which publication method will be used
- * "pubLocation" is a representation of the location where
+ * "pubLocation" is a representation of the location where
*/
-extern CRMFSinglePubInfo*
- CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod,
- CRMFGeneralName *pubLocation);
+extern CRMFSinglePubInfo *
+CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod,
+ CRMFGeneralName *pubLocation);
/*
* Create a PKIPublicationInfo that can later be passed to the function
* CRMFAddPubInfoControl.
*/
extern CRMFPKIPublicationInfo *
- CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction,
- CRMFSinglePubInfo **inPubInfoArray,
- int numPubInfo);
+CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction,
+ CRMFSinglePubInfo **inPubInfoArray,
+ int numPubInfo);
/*
* Only call this function on a CRMFPublicationInfo that was created by
* CRMF_CreatePKIPublicationInfo that was passed in NULL for arena.
*/
-extern SECStatus
- CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
+extern SECStatus
+CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
-extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq,
- CRMFPKIPublicationInfo *inPubInfo);
+extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq,
+ CRMFPKIPublicationInfo *inPubInfo);
/*
- * This is to create a Cert ID Control which can later be added to
+ * This is to create a Cert ID Control which can later be added to
* a certificate request.
*/
-extern CRMFCertID* CRMF_CreateCertID(CRMFGeneralName *issuer,
- long serialNumber);
+extern CRMFCertID *CRMF_CreateCertID(CRMFGeneralName *issuer,
+ long serialNumber);
-extern SECStatus CRMF_DestroyCertID(CRMFCertID* certID);
+extern SECStatus CRMF_DestroyCertID(CRMFCertID *certID);
extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq,
- CRMFCertID *certID);
+ CRMFCertID *certID);
-extern SECStatus
- CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *spki);
+extern SECStatus
+CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq,
+ CERTSubjectPublicKeyInfo *spki);
/*
* Add the ASCII Pairs Registration Info to the Certificate Request.
* The SECItem must be an OCTET string representation.
*/
extern SECStatus
- CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq,
- SECItem *asciiPairs);
+CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq,
+ SECItem *asciiPairs);
/*
- * This takes a CertRequest and adds it to another CertRequest.
+ * This takes a CertRequest and adds it to another CertRequest.
*/
extern SECStatus
- CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo,
- CRMFCertRequest *certReqBeingAdded);
+CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo,
+ CRMFCertRequest *certReqBeingAdded);
/*
* Returns which option was used for the authInfo field of POPOSigningKeyInput
*/
-extern CRMFPOPOSkiInputAuthChoice
- CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput);
+extern CRMFPOPOSkiInputAuthChoice
+CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput);
/*
* Gets the PKMACValue associated with the POPOSigningKeyInput.
- * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC
+ * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC
* the function returns SECFailure and the value at *destValue is unchanged.
*
* If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function
* returns SECSuccess and places the PKMACValue at *destValue.
*/
-extern SECStatus
- CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput,
- CRMFPKMACValue **destValue);
+extern SECStatus
+CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput,
+ CRMFPKMACValue **destValue);
/*
* Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput
*/
extern CERTSubjectPublicKeyInfo *
- CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput);
-
+CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput);
/*
* Return the value for the PKIPublicationInfo Control.
- * A return value of NULL indicates that the Control was
- * not a PKIPublicationInfo Control. Call
+ * A return value of NULL indicates that the Control was
+ * not a PKIPublicationInfo Control. Call
* CRMF_DestroyPKIPublicationInfo on the return value when done
* using the pointer.
*/
-extern CRMFPKIPublicationInfo* CRMF_GetPKIPubInfo(CRMFControl *inControl);
+extern CRMFPKIPublicationInfo *CRMF_GetPKIPubInfo(CRMFControl *inControl);
/*
* Free up a CRMFPKIPublicationInfo structure.
*/
-extern SECStatus
- CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
+extern SECStatus
+CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
/*
* Get the choice used for action in this PKIPublicationInfo.
*/
-extern CRMFPublicationAction
- CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo);
+extern CRMFPublicationAction
+CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo);
/*
* Get the number of pubInfos are stored in the PKIPubicationInfo.
@@ -124,9 +123,9 @@ extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo);
* Get the pubInfo at index for the given PKIPubicationInfo.
* Indexing is done like a traditional C Array. (0 .. numElements-1)
*/
-extern CRMFSinglePubInfo*
- CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo,
- int index);
+extern CRMFSinglePubInfo *
+CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo,
+ int index);
/*
* Destroy the CRMFSinglePubInfo.
@@ -136,15 +135,15 @@ extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo);
/*
* Get the pubMethod used by the SinglePubInfo.
*/
-extern CRMFPublicationMethod
- CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo);
+extern CRMFPublicationMethod
+CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo);
/*
* Get the pubLocation associated with the SinglePubInfo.
* A NULL return value indicates there was no pubLocation associated
* with the SinglePuInfo.
*/
-extern CRMFGeneralName* CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);
+extern CRMFGeneralName *CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);
/*
* Get the authInfo.sender field out of the POPOSigningKeyInput.
@@ -155,7 +154,7 @@ extern CRMFGeneralName* CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);
* SECSuccess and puts the authInfo.sender at *destName/
*/
extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
- CRMFGeneralName **destName);
+ CRMFGeneralName **destName);
/**************** CMMF Functions that need to be added. **********************/
@@ -175,7 +174,7 @@ extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
* contained by 'inDecKeyChall'. Refer to the CMMF draft on how the
* the random number passed in and the sender's GeneralName are used
* to generate the challenge and witness fields of the challenge. This
- * library will use SHA1 as the one-way function for generating the
+ * library will use SHA1 as the one-way function for generating the
* witess field of the challenge.
*
* RETURN:
@@ -184,11 +183,10 @@ extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
* while trying to generate the challenge.
*/
extern SECStatus
-CMMF_POPODecKeyChallContentSetNextChallenge
- (CMMFPOPODecKeyChallContent *inDecKeyChall,
- long inRandom,
- CERTGeneralName *inSender,
- SECKEYPublicKey *inPubKey);
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+ long inRandom,
+ CERTGeneralName *inSender,
+ SECKEYPublicKey *inPubKey);
/*
* FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
@@ -196,11 +194,10 @@ CMMF_POPODecKeyChallContentSetNextChallenge
* inKeyChallCont
* The CMMFPOPODecKeyChallContent to operate on.
* RETURN:
- * This function returns the number of CMMFChallenges are contained in
+ * This function returns the number of CMMFChallenges are contained in
* the CMMFPOPODecKeyChallContent structure.
*/
-extern int CMMF_POPODecKeyChallContentGetNumChallenges
- (CMMFPOPODecKeyChallContent *inKeyChallCont);
+extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont);
/*
* FUNCTION: CMMF_ChallengeGetRandomNumber
@@ -213,9 +210,9 @@ extern int CMMF_POPODecKeyChallContentGetNumChallenges
* challenge.
* NOTES:
* This function returns the value held in the decrypted Rand structure
- * corresponding to the random integer. The user must call
- * CMMF_ChallengeDecryptWitness before calling this function. Call
- * CMMF_ChallengeIsDecrypted to find out if the challenge has been
+ * corresponding to the random integer. The user must call
+ * CMMF_ChallengeDecryptWitness before calling this function. Call
+ * CMMF_ChallengeIsDecrypted to find out if the challenge has been
* decrypted.
*
* RETURN:
@@ -225,7 +222,7 @@ extern int CMMF_POPODecKeyChallContentGetNumChallenges
* is not a valid value.
*/
extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
- long *inDest);
+ long *inDest);
/*
* FUNCTION: CMMF_ChallengeGetSender
@@ -234,8 +231,8 @@ extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
* the CMMFChallenge to operate on.
* NOTES:
* This function returns the value held in the decrypted Rand structure
- * corresponding to the sender. The user must call
- * CMMF_ChallengeDecryptWitness before calling this function. Call
+ * corresponding to the sender. The user must call
+ * CMMF_ChallengeDecryptWitness before calling this function. Call
* CMMF_ChallengeIsDecrypted to find out if the witness field has been
* decrypted. The user must call CERT_DestroyGeneralName after the return
* value is no longer needed.
@@ -245,7 +242,7 @@ extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
* NULL indicates an error in trying to copy the information or that the
* witness field has not been decrypted.
*/
-extern CERTGeneralName* CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);
+extern CERTGeneralName *CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);
/*
* FUNCTION: CMMF_ChallengeGetAlgId
@@ -256,19 +253,19 @@ extern CERTGeneralName* CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);
* A pointer to memory where a pointer to a copy of the algorithm
* id can be placed.
* NOTES:
- * This function retrieves the one way function algorithm identifier
+ * This function retrieves the one way function algorithm identifier
* contained within the CMMFChallenge if the optional field is present.
*
* RETURN:
* SECSucces indicates the function was able to place a pointer to a copy of
- * the alogrithm id at *inAlgId. If the value at *inDestAlgId is NULL,
- * that means there was no algorithm identifier present in the
- * CMMFChallenge. Any other return value indicates the function was not
- * able to make a copy of the algorithm identifier. In this case the value
+ * the alogrithm id at *inAlgId. If the value at *inDestAlgId is NULL,
+ * that means there was no algorithm identifier present in the
+ * CMMFChallenge. Any other return value indicates the function was not
+ * able to make a copy of the algorithm identifier. In this case the value
* at *inDestAlgId is not valid.
*/
-extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
- SECAlgorithmID *inAlgId);
+extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
+ SECAlgorithmID *inAlgId);
/*
* FUNCTION: CMMF_DestroyChallenge
@@ -276,14 +273,14 @@ extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
* inChallenge
* The CMMFChallenge to free up.
* NOTES:
- * This function frees up all the memory associated with the CMMFChallenge
+ * This function frees up all the memory associated with the CMMFChallenge
* passed in.
* RETURN:
* SECSuccess if freeing all the memory associated with the CMMFChallenge
- * passed in is successful. Any other return value indicates an error
+ * passed in is successful. Any other return value indicates an error
* while freeing the memory.
*/
-extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge);
+extern SECStatus CMMF_DestroyChallenge(CMMFChallenge *inChallenge);
/*
* FUNCTION: CMMF_DestroyPOPODecKeyRespContent
@@ -291,7 +288,7 @@ extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge);
* inDecKeyResp
* The CMMFPOPODecKeyRespContent structure to free.
* NOTES:
- * This function frees up all the memory associate with the
+ * This function frees up all the memory associate with the
* CMMFPOPODecKeyRespContent.
*
* RETURN:
@@ -300,7 +297,7 @@ extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge);
* return value indicates an error while freeing the memory.
*/
extern SECStatus
- CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
+CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
/*
* FUNCTION: CMMF_ChallengeDecryptWitness
@@ -312,7 +309,7 @@ extern SECStatus
* NOTES:
* This function uses the private key to decrypt the challenge field
* contained in the CMMFChallenge. Make sure the private key matches the
- * public key that was used to encrypt the witness. The creator of
+ * public key that was used to encrypt the witness. The creator of
* the challenge will most likely be an RA that has the public key
* from a Cert request. So the private key should be the private key
* associated with public key in that request. This function will also
@@ -320,15 +317,15 @@ extern SECStatus
*
* RETURN:
* SECSuccess if decrypting the witness field was successful. This does
- * not indicate that the decrypted data is valid, since the private key
- * passed in may not be the actual key needed to properly decrypt the
+ * not indicate that the decrypted data is valid, since the private key
+ * passed in may not be the actual key needed to properly decrypt the
* witness field. Meaning that there is a decrypted structure now, but
* may be garbage because the private key was incorrect.
* Any other return value indicates the function could not complete the
* decryption process.
*/
-extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
- SECKEYPrivateKey *inPrivKey);
+extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
+ SECKEYPrivateKey *inPrivKey);
/*
* FUNCTION: CMMF_ChallengeIsDecrypted
@@ -336,8 +333,8 @@ extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
* inChallenge
* The CMMFChallenge to operate on.
* RETURN:
- * This is a predicate function that returns PR_TRUE if the decryption
- * process has already been performed. The function return PR_FALSE if
+ * This is a predicate function that returns PR_TRUE if the decryption
+ * process has already been performed. The function return PR_FALSE if
* the decryption process has not been performed yet.
*/
extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge);
@@ -348,14 +345,13 @@ extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge);
* inDecKeyCont
* The CMMFPOPODecKeyChallContent to free
* NOTES:
- * This function frees up all the memory associated with the
- * CMMFPOPODecKeyChallContent
+ * This function frees up all the memory associated with the
+ * CMMFPOPODecKeyChallContent
* RETURN:
- * SECSuccess if freeing up all the memory associatd with the
+ * SECSuccess if freeing up all the memory associatd with the
* CMMFPOPODecKeyChallContent is successful. Any other return value
* indicates an error while freeing the memory.
*
*/
-extern SECStatus
- CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont);
-
+extern SECStatus
+CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont);
diff --git a/lib/crmf/crmfget.c b/lib/crmf/crmfget.c
index 4886cda9b..86514a7ac 100644
--- a/lib/crmf/crmfget.c
+++ b/lib/crmf/crmfget.c
@@ -8,7 +8,6 @@
#include "keyhi.h"
#include "secder.h"
-
CRMFPOPChoice
CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg)
{
@@ -22,50 +21,51 @@ CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg)
static SECStatus
crmf_destroy_validity(CRMFOptionalValidity *inValidity, PRBool freeit)
{
- if (inValidity != NULL){
+ if (inValidity != NULL) {
if (inValidity->notBefore.data != NULL) {
- PORT_Free(inValidity->notBefore.data);
- }
- if (inValidity->notAfter.data != NULL) {
- PORT_Free(inValidity->notAfter.data);
- }
- if (freeit) {
- PORT_Free(inValidity);
- }
+ PORT_Free(inValidity->notBefore.data);
+ }
+ if (inValidity->notAfter.data != NULL) {
+ PORT_Free(inValidity->notAfter.data);
+ }
+ if (freeit) {
+ PORT_Free(inValidity);
+ }
}
return SECSuccess;
}
-static SECStatus
-crmf_copy_cert_request_validity(PLArenaPool *poolp,
- CRMFOptionalValidity **destValidity,
- CRMFOptionalValidity *srcValidity)
+static SECStatus
+crmf_copy_cert_request_validity(PLArenaPool *poolp,
+ CRMFOptionalValidity **destValidity,
+ CRMFOptionalValidity *srcValidity)
{
CRMFOptionalValidity *myValidity = NULL;
- SECStatus rv;
+ SECStatus rv;
*destValidity = myValidity = (poolp == NULL) ?
- PORT_ZNew(CRMFOptionalValidity) :
- PORT_ArenaZNew(poolp, CRMFOptionalValidity);
+ PORT_ZNew(CRMFOptionalValidity)
+ :
+ PORT_ArenaZNew(poolp, CRMFOptionalValidity);
if (myValidity == NULL) {
goto loser;
}
if (srcValidity->notBefore.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &myValidity->notBefore,
- &srcValidity->notBefore);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = SECITEM_CopyItem(poolp, &myValidity->notBefore,
+ &srcValidity->notBefore);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcValidity->notAfter.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &myValidity->notAfter,
- &srcValidity->notAfter);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = SECITEM_CopyItem(poolp, &myValidity->notAfter,
+ &srcValidity->notAfter);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
return SECSuccess;
- loser:
+loser:
if (myValidity != NULL && poolp == NULL) {
crmf_destroy_validity(myValidity, PR_TRUE);
}
@@ -73,11 +73,11 @@ crmf_copy_cert_request_validity(PLArenaPool *poolp,
}
static SECStatus
-crmf_copy_extensions(PLArenaPool *poolp,
- CRMFCertTemplate *destTemplate,
- CRMFCertExtension **srcExt)
+crmf_copy_extensions(PLArenaPool *poolp,
+ CRMFCertTemplate *destTemplate,
+ CRMFCertExtension **srcExt)
{
- int numExt = 0, i;
+ int numExt = 0, i;
CRMFCertExtension **myExtArray = NULL;
while (srcExt[numExt] != NULL) {
@@ -86,32 +86,32 @@ crmf_copy_extensions(PLArenaPool *poolp,
if (numExt == 0) {
/*No extensions to copy.*/
destTemplate->extensions = NULL;
- destTemplate->numExtensions = 0;
+ destTemplate->numExtensions = 0;
return SECSuccess;
}
- destTemplate->extensions = myExtArray =
- PORT_NewArray(CRMFCertExtension*, numExt+1);
+ destTemplate->extensions = myExtArray =
+ PORT_NewArray(CRMFCertExtension *, numExt + 1);
if (myExtArray == NULL) {
goto loser;
}
-
- for (i=0; i<numExt; i++) {
+
+ for (i = 0; i < numExt; i++) {
myExtArray[i] = crmf_copy_cert_extension(poolp, srcExt[i]);
- if (myExtArray[i] == NULL) {
- goto loser;
- }
+ if (myExtArray[i] == NULL) {
+ goto loser;
+ }
}
destTemplate->numExtensions = numExt;
myExtArray[numExt] = NULL;
return SECSuccess;
- loser:
+loser:
if (myExtArray != NULL) {
if (poolp == NULL) {
- for (i=0; myExtArray[i] != NULL; i++) {
- CRMF_DestroyCertExtension(myExtArray[i]);
- }
- }
- PORT_Free(myExtArray);
+ for (i = 0; myExtArray[i] != NULL; i++) {
+ CRMF_DestroyCertExtension(myExtArray[i]);
+ }
+ }
+ PORT_Free(myExtArray);
}
destTemplate->extensions = NULL;
destTemplate->numExtensions = 0;
@@ -119,95 +119,95 @@ crmf_copy_extensions(PLArenaPool *poolp,
}
static SECStatus
-crmf_copy_cert_request_template(PLArenaPool *poolp,
- CRMFCertTemplate *destTemplate,
- CRMFCertTemplate *srcTemplate)
+crmf_copy_cert_request_template(PLArenaPool *poolp,
+ CRMFCertTemplate *destTemplate,
+ CRMFCertTemplate *srcTemplate)
{
SECStatus rv;
if (srcTemplate->version.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &destTemplate->version,
- &srcTemplate->version);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = SECITEM_CopyItem(poolp, &destTemplate->version,
+ &srcTemplate->version);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->serialNumber.data != NULL) {
rv = SECITEM_CopyItem(poolp, &destTemplate->serialNumber,
- &srcTemplate->serialNumber);
- if (rv != SECSuccess) {
- goto loser;
- }
+ &srcTemplate->serialNumber);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->signingAlg != NULL) {
rv = crmf_template_copy_secalg(poolp, &destTemplate->signingAlg,
- srcTemplate->signingAlg);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcTemplate->signingAlg);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->issuer != NULL) {
rv = crmf_copy_cert_name(poolp, &destTemplate->issuer,
- srcTemplate->issuer);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcTemplate->issuer);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->validity != NULL) {
rv = crmf_copy_cert_request_validity(poolp, &destTemplate->validity,
- srcTemplate->validity);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcTemplate->validity);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->subject != NULL) {
- rv = crmf_copy_cert_name(poolp, &destTemplate->subject,
- srcTemplate->subject);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = crmf_copy_cert_name(poolp, &destTemplate->subject,
+ srcTemplate->subject);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->publicKey != NULL) {
rv = crmf_template_add_public_key(poolp, &destTemplate->publicKey,
- srcTemplate->publicKey);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcTemplate->publicKey);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->issuerUID.data != NULL) {
rv = crmf_make_bitstring_copy(poolp, &destTemplate->issuerUID,
- &srcTemplate->issuerUID);
- if (rv != SECSuccess) {
- goto loser;
- }
+ &srcTemplate->issuerUID);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->subjectUID.data != NULL) {
rv = crmf_make_bitstring_copy(poolp, &destTemplate->subjectUID,
- &srcTemplate->subjectUID);
- if (rv != SECSuccess) {
- goto loser;
- }
+ &srcTemplate->subjectUID);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (srcTemplate->extensions != NULL) {
rv = crmf_copy_extensions(poolp, destTemplate,
- srcTemplate->extensions);
- if (rv != SECSuccess) {
- goto loser;
- }
+ srcTemplate->extensions);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
return SECSuccess;
- loser:
+loser:
return SECFailure;
}
-static CRMFControl*
+static CRMFControl *
crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
{
CRMFControl *newControl;
- SECStatus rv;
+ SECStatus rv;
newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) :
- PORT_ArenaZNew(poolp, CRMFControl);
+ PORT_ArenaZNew(poolp, CRMFControl);
if (newControl == NULL) {
goto loser;
}
@@ -225,20 +225,20 @@ crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
* then they need to be handled here as well.
*/
switch (newControl->tag) {
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- rv = crmf_copy_pkiarchiveoptions(poolp,
- &newControl->value.archiveOptions,
- &srcControl->value.archiveOptions);
- break;
- default:
- rv = SECSuccess;
+ case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+ rv = crmf_copy_pkiarchiveoptions(poolp,
+ &newControl->value.archiveOptions,
+ &srcControl->value.archiveOptions);
+ break;
+ default:
+ rv = SECSuccess;
}
if (rv != SECSuccess) {
goto loser;
}
return newControl;
- loser:
+loser:
if (poolp == NULL && newControl != NULL) {
CRMF_DestroyControl(newControl);
}
@@ -246,11 +246,11 @@ crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
}
static SECStatus
-crmf_copy_cert_request_controls(PLArenaPool *poolp,
- CRMFCertRequest *destReq,
- CRMFCertRequest *srcReq)
+crmf_copy_cert_request_controls(PLArenaPool *poolp,
+ CRMFCertRequest *destReq,
+ CRMFCertRequest *srcReq)
{
- int numControls, i;
+ int numControls, i;
CRMFControl **myControls = NULL;
numControls = CRMF_CertRequestGetNumControls(srcReq);
@@ -258,43 +258,42 @@ crmf_copy_cert_request_controls(PLArenaPool *poolp,
/* No Controls To Copy*/
return SECSuccess;
}
- myControls = destReq->controls = PORT_NewArray(CRMFControl*,
- numControls+1);
+ myControls = destReq->controls = PORT_NewArray(CRMFControl *,
+ numControls + 1);
if (myControls == NULL) {
goto loser;
}
- for (i=0; i<numControls; i++) {
+ for (i = 0; i < numControls; i++) {
myControls[i] = crmf_copy_control(poolp, srcReq->controls[i]);
- if (myControls[i] == NULL) {
- goto loser;
- }
+ if (myControls[i] == NULL) {
+ goto loser;
+ }
}
myControls[numControls] = NULL;
return SECSuccess;
- loser:
+loser:
if (myControls != NULL) {
if (poolp == NULL) {
- for (i=0; myControls[i] != NULL; i++) {
- CRMF_DestroyControl(myControls[i]);
- }
- }
- PORT_Free(myControls);
+ for (i = 0; myControls[i] != NULL; i++) {
+ CRMF_DestroyControl(myControls[i]);
+ }
+ }
+ PORT_Free(myControls);
}
return SECFailure;
}
-
-CRMFCertRequest*
+CRMFCertRequest *
crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
{
CRMFCertRequest *newReq = NULL;
- SECStatus rv;
+ SECStatus rv;
if (srcReq == NULL) {
return NULL;
}
newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
- PORT_ArenaZNew(poolp, CRMFCertRequest);
+ PORT_ArenaZNew(poolp, CRMFCertRequest);
if (newReq == NULL) {
goto loser;
}
@@ -302,8 +301,8 @@ crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
if (rv != SECSuccess) {
goto loser;
}
- rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate,
- &srcReq->certTemplate);
+ rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate,
+ &srcReq->certTemplate);
if (rv != SECSuccess) {
goto loser;
}
@@ -312,7 +311,7 @@ crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
goto loser;
}
return newReq;
- loser:
+loser:
if (newReq != NULL && poolp == NULL) {
CRMF_DestroyCertRequest(newReq);
PORT_Free(newReq);
@@ -320,19 +319,19 @@ crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
return NULL;
}
-SECStatus
+SECStatus
CRMF_DestroyGetValidity(CRMFGetValidity *inValidity)
{
PORT_Assert(inValidity != NULL);
if (inValidity != NULL) {
if (inValidity->notAfter) {
- PORT_Free(inValidity->notAfter);
- inValidity->notAfter = NULL;
- }
- if (inValidity->notBefore) {
- PORT_Free(inValidity->notBefore);
- inValidity->notBefore = NULL;
- }
+ PORT_Free(inValidity->notAfter);
+ inValidity->notAfter = NULL;
+ }
+ if (inValidity->notBefore) {
+ PORT_Free(inValidity->notBefore);
+ inValidity->notBefore = NULL;
+ }
}
return SECSuccess;
}
@@ -346,7 +345,7 @@ crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src)
origLenBits = src->len;
bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
- src->len = bytesToCopy;
+ src->len = bytesToCopy;
rv = SECITEM_CopyItem(arena, dest, src);
src->len = origLenBits;
if (rv != SECSuccess) {
@@ -361,11 +360,11 @@ CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq)
{
CRMFCertTemplate *certTemplate;
int count = 0;
-
+
certTemplate = &inCertReq->certTemplate;
if (certTemplate->extensions) {
while (certTemplate->extensions[count] != NULL)
- count++;
+ count++;
}
return count;
}
@@ -390,17 +389,16 @@ CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt)
return inExt->critical.data != NULL;
}
-SECItem*
+SECItem *
CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension)
{
PORT_Assert(inExtension != NULL);
if (inExtension == NULL) {
return NULL;
}
-
+
return SECITEM_DupItem(&inExtension->value);
}
-
SECStatus
CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey)
@@ -408,15 +406,15 @@ CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey)
PORT_Assert(inKey != NULL);
if (inKey != NULL) {
if (inKey->derInput.data != NULL) {
- SECITEM_FreeItem(&inKey->derInput, PR_FALSE);
- }
- if (inKey->algorithmIdentifier != NULL) {
- SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE);
- }
- if (inKey->signature.data != NULL) {
- SECITEM_FreeItem(&inKey->signature, PR_FALSE);
- }
- PORT_Free(inKey);
+ SECITEM_FreeItem(&inKey->derInput, PR_FALSE);
+ }
+ if (inKey->algorithmIdentifier != NULL) {
+ SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE);
+ }
+ if (inKey->signature.data != NULL) {
+ SECITEM_FreeItem(&inKey->signature, PR_FALSE);
+ }
+ PORT_Free(inKey);
}
return SECSuccess;
}
@@ -427,7 +425,7 @@ CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey)
PORT_Assert(inPrivKey != NULL);
if (inPrivKey != NULL) {
SECITEM_FreeItem(&inPrivKey->message.thisMessage, PR_FALSE);
- PORT_Free(inPrivKey);
+ PORT_Free(inPrivKey);
}
return SECSuccess;
}
@@ -435,7 +433,7 @@ CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey)
int
CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq)
{
- int count = 0;
+ int count = 0;
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
@@ -443,8 +441,7 @@ CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq)
}
if (inCertReq->controls) {
while (inCertReq->controls[count] != NULL)
- count++;
+ count++;
}
return count;
}
-
diff --git a/lib/crmf/crmfi.h b/lib/crmf/crmfi.h
index fd27a9b9a..badfd2b05 100644
--- a/lib/crmf/crmfi.h
+++ b/lib/crmf/crmfi.h
@@ -3,11 +3,10 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#ifndef _CRMFI_H_
#define _CRMFI_H_
-/* This file will contain all declarations common to both
- * encoding and decoding of CRMF Cert Requests. This header
+/* This file will contain all declarations common to both
+ * encoding and decoding of CRMF Cert Requests. This header
* file should only be included internally by CRMF implementation
* files.
*/
@@ -16,38 +15,38 @@
#include "secerr.h"
#include "blapit.h"
-#define CRMF_DEFAULT_ARENA_SIZE 1024
+#define CRMF_DEFAULT_ARENA_SIZE 1024
/*
* Explanation for the definition of MAX_WRAPPED_KEY_LEN:
- *
+ *
* It's used for internal buffers to transport a wrapped private key.
* The value is in BYTES.
* We want to define a reasonable upper bound for this value.
* Ideally this could be calculated, but in order to simplify the code
* we want to estimate the maximum requires size.
* See also bug 655850 for the full explanation.
- *
+ *
* We know the largest wrapped keys are RSA keys.
* We'll estimate the maximum size needed for wrapped RSA keys,
* and assume it's sufficient for wrapped keys of any type we support.
- *
+ *
* The maximum size of RSA keys in bits is defined elsewhere as
* RSA_MAX_MODULUS_BITS
- *
+ *
* The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
- *
+ *
* A wrapped RSA key requires about
* ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
* bytes.
- *
+ *
* Therefore, a safe upper bound is:
* ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
- *
+ *
*/
-#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
-#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
+#define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
struct crmfEncoderArg {
@@ -61,30 +60,30 @@ struct crmfEncoderOutput {
};
/*
- * This function is used by the API for encoding functions that are
+ * This function is used by the API for encoding functions that are
* exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
* functions.
*/
extern void
- crmf_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind);
+crmf_encoder_out(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind);
/*
* This function is used when we want to encode something locally within
* the library, ie the CertRequest so that we can produce its signature.
*/
-extern SECStatus
- crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
- SECItem *derDest);
+extern SECStatus
+crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+ SECItem *derDest);
/*
* This is the callback function we feed to the ASN1 encoder when doing
- * internal DER-encodings. ie, encoding the cert request so we can
+ * internal DER-encodings. ie, encoding the cert request so we can
* produce a signature.
*/
extern void
-crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind);
+crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind);
/* The ASN1 templates that need to be seen by internal files
* in order to implement CRMF.
@@ -109,76 +108,76 @@ extern const unsigned char hexFalse;
* Prototypes for helper routines used internally by multiple files.
*/
extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
- long value);
+ long value);
extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
- SECItem *src);
-
-extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
- CRMFPKIArchiveOptions *destOpt,
- CRMFPKIArchiveOptions *srcOpt);
-extern SECStatus
- crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
- PRBool freeit);
-extern const SEC_ASN1Template*
- crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
-
-extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp,
- CRMFEncryptedKey *srcEncrKey,
- CRMFEncryptedKey *destEncrKey);
+ SECItem *src);
+
+extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
+ CRMFPKIArchiveOptions *destOpt,
+ CRMFPKIArchiveOptions *srcOpt);
+extern SECStatus
+crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
+ PRBool freeit);
+extern const SEC_ASN1Template *
+crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
+
+extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp,
+ CRMFEncryptedKey *srcEncrKey,
+ CRMFEncryptedKey *destEncrKey);
extern SECStatus
-crmf_copy_encryptedvalue(PLArenaPool *poolp,
- CRMFEncryptedValue *srcValue,
- CRMFEncryptedValue *destValue);
+crmf_copy_encryptedvalue(PLArenaPool *poolp,
+ CRMFEncryptedValue *srcValue,
+ CRMFEncryptedValue *destValue);
extern SECStatus
-crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
- SECAlgorithmID *srcAlgId,
- SECAlgorithmID **destAlgId);
+crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
+ SECAlgorithmID *srcAlgId,
+ SECAlgorithmID **destAlgId);
extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
- SECAlgorithmID **dest,
- SECAlgorithmID *src);
+ SECAlgorithmID **dest,
+ SECAlgorithmID *src);
extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
- CERTName *src);
+ CERTName *src);
-extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp,
- CERTSubjectPublicKeyInfo **dest,
- CERTSubjectPublicKeyInfo *pubKey);
+extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp,
+ CERTSubjectPublicKeyInfo **dest,
+ CERTSubjectPublicKeyInfo *pubKey);
-extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp,
- SECOidTag tag,
- PRBool isCritical,
- SECItem *data);
-extern CRMFCertRequest*
+extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp,
+ SECOidTag tag,
+ PRBool isCritical,
+ SECItem *data);
+extern CRMFCertRequest *
crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
-extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
- PRBool freeit);
+extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
+ PRBool freeit);
extern CRMFEncryptedValue *
-crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CRMFEncryptedValue *destValue);
+crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CRMFEncryptedValue *destValue);
-extern CK_MECHANISM_TYPE
- crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
+extern CK_MECHANISM_TYPE
+crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
extern SECStatus
-crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
- CRMFEncryptedValue *encValue,
- SECKEYPrivateKey *privKey,
- SECKEYPublicKey *newPubKey,
- SECItem *nickname,
- PK11SlotInfo *slot,
- unsigned char keyUsage,
- SECKEYPrivateKey **unWrappedKey,
- void *wincx);
-
-extern SECItem*
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
+ CRMFEncryptedValue *encValue,
+ SECKEYPrivateKey *privKey,
+ SECKEYPublicKey *newPubKey,
+ SECItem *nickname,
+ PK11SlotInfo *slot,
+ unsigned char keyUsage,
+ SECKEYPrivateKey **unWrappedKey,
+ void *wincx);
+
+extern SECItem *
crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
-extern CRMFCertExtension*
+extern CRMFCertExtension *
crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
extern SECStatus
diff --git a/lib/crmf/crmfit.h b/lib/crmf/crmfit.h
index a8defcd49..c5c4b96e9 100644
--- a/lib/crmf/crmfit.h
+++ b/lib/crmf/crmfit.h
@@ -3,13 +3,12 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#ifndef _CRMFIT_H_
#define _CRMFIT_H_
struct CRMFCertReqMessagesStr {
CRMFCertReqMsg **messages;
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
};
struct CRMFCertExtensionStr {
@@ -18,49 +17,48 @@ struct CRMFCertExtensionStr {
SECItem value;
};
-
struct CRMFOptionalValidityStr {
- SECItem notBefore;
+ SECItem notBefore;
SECItem notAfter;
};
struct CRMFCertTemplateStr {
- SECItem version;
- SECItem serialNumber;
- SECAlgorithmID *signingAlg;
- CERTName *issuer;
- CRMFOptionalValidity *validity;
- CERTName *subject;
+ SECItem version;
+ SECItem serialNumber;
+ SECAlgorithmID *signingAlg;
+ CERTName *issuer;
+ CRMFOptionalValidity *validity;
+ CERTName *subject;
CERTSubjectPublicKeyInfo *publicKey;
- SECItem issuerUID;
- SECItem subjectUID;
- CRMFCertExtension **extensions;
- int numExtensions;
+ SECItem issuerUID;
+ SECItem subjectUID;
+ CRMFCertExtension **extensions;
+ int numExtensions;
};
struct CRMFCertIDStr {
- SECItem issuer; /* General Name */
+ SECItem issuer; /* General Name */
SECItem serialNumber; /*INTEGER*/
};
struct CRMFEncryptedValueStr {
SECAlgorithmID *intendedAlg;
SECAlgorithmID *symmAlg;
- SECItem encSymmKey; /*BIT STRING */
+ SECItem encSymmKey; /*BIT STRING */
SECAlgorithmID *keyAlg;
- SECItem valueHint; /*OCTET STRING */
- SECItem encValue; /*BIT STRING */
+ SECItem valueHint; /*OCTET STRING */
+ SECItem encValue; /*BIT STRING */
};
/*
* The field derValue will contain the actual der
* to include in the encoding or that was read in
- * from a der blob.
+ * from a der blob.
*/
struct CRMFEncryptedKeyStr {
union {
- SEC_PKCS7ContentInfo *envelopedData;
- CRMFEncryptedValue encryptedValue;
+ SEC_PKCS7ContentInfo *envelopedData;
+ CRMFEncryptedValue encryptedValue;
} value;
CRMFEncryptedKeyChoice encKeyChoice;
SECItem derValue;
@@ -69,9 +67,9 @@ struct CRMFEncryptedKeyStr {
/* ASN1 must only have one of the following 3 options. */
struct CRMFPKIArchiveOptionsStr {
union {
- CRMFEncryptedKey encryptedKey;
- SECItem keyGenParameters;
- SECItem archiveRemGenPrivKey; /* BOOLEAN */
+ CRMFEncryptedKey encryptedKey;
+ SECItem keyGenParameters;
+ SECItem archiveRemGenPrivKey; /* BOOLEAN */
} option;
CRMFPKIArchiveOptionsType archOption;
};
@@ -79,39 +77,39 @@ struct CRMFPKIArchiveOptionsStr {
struct CRMFPKIPublicationInfoStr {
SECItem action; /* Possible values */
/* dontPublish (0), pleasePublish (1) */
- CRMFSinglePubInfo **pubInfos;
+ CRMFSinglePubInfo **pubInfos;
};
struct CRMFControlStr {
- SECOidTag tag;
- SECItem derTag;
- SECItem derValue;
- /* These will be C structures used to represent the various
+ SECOidTag tag;
+ SECItem derTag;
+ SECItem derValue;
+ /* These will be C structures used to represent the various
* options. Values that can't be stored as der right away.
* After creating these structures, we'll place their der
* encoding in derValue so the encoder knows how to get to
* it.
*/
union {
- CRMFCertID oldCertId;
- CRMFPKIArchiveOptions archiveOptions;
- CRMFPKIPublicationInfo pubInfo;
- CRMFProtocolEncrKey protEncrKey;
+ CRMFCertID oldCertId;
+ CRMFPKIArchiveOptions archiveOptions;
+ CRMFPKIPublicationInfo pubInfo;
+ CRMFProtocolEncrKey protEncrKey;
} value;
};
struct CRMFCertRequestStr {
- SECItem certReqId;
- CRMFCertTemplate certTemplate;
- CRMFControl **controls;
+ SECItem certReqId;
+ CRMFCertTemplate certTemplate;
+ CRMFControl **controls;
/* The following members are used by the internal implementation, but
* are not part of the encoding.
*/
PLArenaPool *poolp;
- PRUint32 requestID; /* This is the value that will be encoded into
- * the certReqId field.
- */
-};
+ PRUint32 requestID; /* This is the value that will be encoded into
+ * the certReqId field.
+ */
+};
struct CRMFAttributeStr {
SECItem derTag;
@@ -119,41 +117,41 @@ struct CRMFAttributeStr {
};
struct CRMFCertReqMsgStr {
- CRMFCertRequest *certReq;
- CRMFProofOfPossession *pop;
- CRMFAttribute **regInfo;
- SECItem derPOP;
+ CRMFCertRequest *certReq;
+ CRMFProofOfPossession *pop;
+ CRMFAttribute **regInfo;
+ SECItem derPOP;
/* This arena will be used for allocating memory when decoding.
*/
PLArenaPool *poolp;
- PRBool isDecoded;
+ PRBool isDecoded;
};
struct CRMFPOPOSigningKeyInputStr {
/* ASN1 must have only one of the next 2 options */
union {
- SECItem sender; /*General Name*/
- CRMFPKMACValue *publicKeyMAC;
- }authInfo;
+ SECItem sender; /*General Name*/
+ CRMFPKMACValue *publicKeyMAC;
+ } authInfo;
CERTSubjectPublicKeyInfo publicKey;
};
struct CRMFPOPOSigningKeyStr {
- SECItem derInput; /*If in the future we support
- *POPOSigningKeyInput, this will
- *a C structure representation
- *instead.
- */
- SECAlgorithmID *algorithmIdentifier;
- SECItem signature; /* This is a BIT STRING. Remember */
-}; /* that when interpreting. */
+ SECItem derInput; /*If in the future we support
+ *POPOSigningKeyInput, this will
+ *a C structure representation
+ *instead.
+ */
+ SECAlgorithmID *algorithmIdentifier;
+ SECItem signature; /* This is a BIT STRING. Remember */
+}; /* that when interpreting. */
/* ASN1 must only choose one of these members */
struct CRMFPOPOPrivKeyStr {
union {
- SECItem thisMessage; /* BIT STRING */
- SECItem subsequentMessage; /*INTEGER*/
- SECItem dhMAC; /*BIT STRING*/
+ SECItem thisMessage; /* BIT STRING */
+ SECItem subsequentMessage; /*INTEGER*/
+ SECItem dhMAC; /*BIT STRING*/
} message;
CRMFPOPOPrivKeyChoice messageChoice;
};
@@ -161,26 +159,26 @@ struct CRMFPOPOPrivKeyStr {
/* ASN1 must only have one of these options. */
struct CRMFProofOfPossessionStr {
union {
- SECItem raVerified;
- CRMFPOPOSigningKey signature;
- CRMFPOPOPrivKey keyEncipherment;
- CRMFPOPOPrivKey keyAgreement;
+ SECItem raVerified;
+ CRMFPOPOSigningKey signature;
+ CRMFPOPOPrivKey keyEncipherment;
+ CRMFPOPOPrivKey keyAgreement;
} popChoice;
- CRMFPOPChoice popUsed; /*Not part of encoding*/
+ CRMFPOPChoice popUsed; /*Not part of encoding*/
};
struct CRMFPKMACValueStr {
SECAlgorithmID algID;
- SECItem value; /*BIT STRING*/
+ SECItem value; /*BIT STRING*/
};
struct CRMFSinglePubInfoStr {
- SECItem pubMethod; /* Possible Values:
- * dontCare (0)
- * x500 (1)
- * web (2)
- * ldap (3)
- */
+ SECItem pubMethod; /* Possible Values:
+ * dontCare (0)
+ * x500 (1)
+ * web (2)
+ * ldap (3)
+ */
CERTGeneralName *pubLocation; /* General Name */
};
diff --git a/lib/crmf/crmfpop.c b/lib/crmf/crmfpop.c
index 2d4e32699..019875616 100644
--- a/lib/crmf/crmfpop.c
+++ b/lib/crmf/crmfpop.c
@@ -3,7 +3,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include "crmf.h"
#include "crmfi.h"
#include "secasn1.h"
@@ -13,8 +12,8 @@
#define CRMF_DEFAULT_ALLOC_SIZE 1024U
SECStatus
-crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
- SECItem *derDest)
+crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+ SECItem *derDest)
{
derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
if (derDest->data == NULL) {
@@ -24,18 +23,17 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
encoderArg->buffer = derDest;
return SECSuccess;
-
}
/* Caller should release or unmark the pool, instead of doing it here.
** But there are NO callers of this function at present...
*/
-SECStatus
+SECStatus
CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
{
CRMFProofOfPossession *pop;
- PLArenaPool *poolp;
- void *mark;
+ PLArenaPool *poolp;
+ void *mark;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
poolp = inCertReqMsg->poolp;
@@ -49,13 +47,13 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
}
pop->popUsed = crmfRAVerified;
pop->popChoice.raVerified.data = NULL;
- pop->popChoice.raVerified.len = 0;
+ pop->popChoice.raVerified.len = 0;
inCertReqMsg->pop = pop;
(void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
&(pop->popChoice.raVerified),
CRMFRAVerifiedTemplate);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
@@ -71,14 +69,14 @@ crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
}
-static SECAlgorithmID*
-crmf_create_poposignkey_algid(PLArenaPool *poolp,
- SECKEYPublicKey *inPubKey)
+static SECAlgorithmID *
+crmf_create_poposignkey_algid(PLArenaPool *poolp,
+ SECKEYPublicKey *inPubKey)
{
SECAlgorithmID *algID;
- SECOidTag tag;
- SECStatus rv;
- void *mark;
+ SECOidTag tag;
+ SECStatus rv;
+ void *mark;
mark = PORT_ArenaMark(poolp);
algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
@@ -95,83 +93,83 @@ crmf_create_poposignkey_algid(PLArenaPool *poolp,
}
PORT_ArenaUnmark(poolp, mark);
return algID;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
-static CRMFPOPOSigningKeyInput*
+static CRMFPOPOSigningKeyInput *
crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
- CRMFMACPasswordCallback fn, void *arg)
+ CRMFMACPasswordCallback fn, void *arg)
{
- /* PSM isn't going to do this, so we'll fail here for now.*/
- return NULL;
+ /* PSM isn't going to do this, so we'll fail here for now.*/
+ return NULL;
}
void
-crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
+crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind)
{
- struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg;
+ struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg;
unsigned char *cursor;
-
- if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
- int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE;
+
+ if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
+ int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE;
void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
- if (dummy == NULL) {
- /* I really want to return an error code here */
- PORT_Assert(0);
- return;
- }
- encoderArg->buffer->data = dummy;
- encoderArg->allocatedLen = newSize;
+ if (dummy == NULL) {
+ /* I really want to return an error code here */
+ PORT_Assert(0);
+ return;
+ }
+ encoderArg->buffer->data = dummy;
+ encoderArg->allocatedLen = newSize;
}
cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
- PORT_Memcpy (cursor, buf, len);
- encoderArg->buffer->len += len;
+ PORT_Memcpy(cursor, buf, len);
+ encoderArg->buffer->len += len;
}
static SECStatus
crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
{
struct crmfEncoderArg encoderArg;
- SECStatus rv;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, derDest);
+ SECStatus rv;
+
+ rv = crmf_init_encoder_callback_arg(&encoderArg, derDest);
if (rv != SECSuccess) {
return SECFailure;
}
- return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+ return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
}
static SECStatus
-crmf_sign_certreq(PLArenaPool *poolp,
- CRMFPOPOSigningKey *crmfSignKey,
- CRMFCertRequest *certReq,
- SECKEYPrivateKey *inKey,
- SECAlgorithmID *inAlgId)
+crmf_sign_certreq(PLArenaPool *poolp,
+ CRMFPOPOSigningKey *crmfSignKey,
+ CRMFCertRequest *certReq,
+ SECKEYPrivateKey *inKey,
+ SECAlgorithmID *inAlgId)
{
- SECItem derCertReq = { siBuffer, NULL, 0 };
- SECItem certReqSig = { siBuffer, NULL, 0 };
- SECStatus rv = SECSuccess;
+ SECItem derCertReq = { siBuffer, NULL, 0 };
+ SECItem certReqSig = { siBuffer, NULL, 0 };
+ SECStatus rv = SECSuccess;
rv = crmf_encode_certreq(certReq, &derCertReq);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len,
- inKey,SECOID_GetAlgorithmTag(inAlgId));
+ inKey, SECOID_GetAlgorithmTag(inAlgId));
if (rv != SECSuccess) {
goto loser;
}
-
+
/* Now make it a part of the POPOSigningKey */
rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
/* Convert this length to number of bits */
- crmfSignKey->signature.len <<= 3;
-
- loser:
+ crmfSignKey->signature.len <<= 3;
+
+loser:
if (derCertReq.data != NULL) {
PORT_Free(derCertReq.data);
}
@@ -182,87 +180,88 @@ crmf_sign_certreq(PLArenaPool *poolp,
}
static SECStatus
-crmf_create_poposignkey(PLArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKeyInput *signKeyInput,
- SECKEYPrivateKey *inPrivKey,
- SECAlgorithmID *inAlgID,
- CRMFPOPOSigningKey *signKey)
+crmf_create_poposignkey(PLArenaPool *poolp,
+ CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOSigningKeyInput *signKeyInput,
+ SECKEYPrivateKey *inPrivKey,
+ SECAlgorithmID *inAlgID,
+ CRMFPOPOSigningKey *signKey)
{
- CRMFCertRequest *certReq;
- void *mark;
- PRBool useSignKeyInput;
- SECStatus rv;
-
+ CRMFCertRequest *certReq;
+ void *mark;
+ PRBool useSignKeyInput;
+ SECStatus rv;
+
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
mark = PORT_ArenaMark(poolp);
if (signKey == NULL) {
goto loser;
}
certReq = inCertReqMsg->certReq;
- useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq,crmfSubject) &&
- CRMF_DoesRequestHaveField(certReq,crmfPublicKey));
+ useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) &&
+ CRMF_DoesRequestHaveField(certReq, crmfPublicKey));
if (useSignKeyInput) {
- goto loser;
- } else {
- rv = crmf_sign_certreq(poolp, signKey, certReq,inPrivKey, inAlgID);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- PORT_ArenaUnmark(poolp,mark);
+ goto loser;
+ }
+ else {
+ rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
+ PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp,mark);
+loser:
+ PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
SECStatus
-CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg)
+CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CERTCertificate *inCertForInput,
+ CRMFMACPasswordCallback fn,
+ void *arg)
{
- SECAlgorithmID *algID;
- PLArenaPool *poolp;
- SECItem derTemp = {siBuffer, NULL, 0};
- void *mark;
- SECStatus rv;
+ SECAlgorithmID *algID;
+ PLArenaPool *poolp;
+ SECItem derTemp = { siBuffer, NULL, 0 };
+ void *mark;
+ SECStatus rv;
CRMFPOPOSigningKeyInput *signKeyInput = NULL;
- CRMFCertRequest *certReq;
- CRMFProofOfPossession *pop;
- struct crmfEncoderArg encoderArg;
+ CRMFCertRequest *certReq;
+ CRMFProofOfPossession *pop;
+ struct crmfEncoderArg encoderArg;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
- inCertReqMsg->pop == NULL);
+ inCertReqMsg->pop == NULL);
certReq = inCertReqMsg->certReq;
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
- !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
+ if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
+ !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
return SECFailure;
- }
+ }
poolp = inCertReqMsg->poolp;
mark = PORT_ArenaMark(poolp);
algID = crmf_create_poposignkey_algid(poolp, inPubKey);
- if(!CRMF_DoesRequestHaveField(certReq,crmfSubject)) {
+ if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) {
signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput,
- fn, arg);
- if (signKeyInput == NULL) {
- goto loser;
- }
+ fn, arg);
+ if (signKeyInput == NULL) {
+ goto loser;
+ }
}
pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
if (pop == NULL) {
goto loser;
}
-
- rv = crmf_create_poposignkey(poolp, inCertReqMsg,
- signKeyInput, inPrivKey, algID,
- &(pop->popChoice.signature));
+
+ rv = crmf_create_poposignkey(poolp, inCertReqMsg,
+ signKeyInput, inPrivKey, algID,
+ &(pop->popChoice.signature));
if (rv != SECSuccess) {
goto loser;
}
@@ -270,14 +269,14 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
pop->popUsed = crmfSignature;
pop->popChoice.signature.algorithmIdentifier = algID;
inCertReqMsg->pop = pop;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, &derTemp);
+
+ rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
if (rv != SECSuccess) {
goto loser;
}
- rv = SEC_ASN1Encode(&pop->popChoice.signature,
- CRMFPOPOSigningKeyTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+ rv = SEC_ASN1Encode(&pop->popChoice.signature,
+ CRMFPOPOSigningKeyTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
if (rv != SECSuccess) {
goto loser;
}
@@ -285,49 +284,49 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
if (rv != SECSuccess) {
goto loser;
}
- PORT_Free (derTemp.data);
- PORT_ArenaUnmark(poolp,mark);
+ PORT_Free(derTemp.data);
+ PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp,mark);
+loser:
+ PORT_ArenaRelease(poolp, mark);
if (derTemp.data != NULL) {
PORT_Free(derTemp.data);
}
return SECFailure;
}
-static const SEC_ASN1Template*
-crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
+static const SEC_ASN1Template *
+crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
{
const SEC_ASN1Template *retTemplate = NULL;
switch (inPrivKey->messageChoice) {
- case crmfThisMessage:
- retTemplate = CRMFThisMessageTemplate;
- break;
- case crmfSubsequentMessage:
- retTemplate = CRMFSubsequentMessageTemplate;
- break;
- case crmfDHMAC:
- retTemplate = CRMFDHMACTemplate;
- break;
- default:
- retTemplate = NULL;
+ case crmfThisMessage:
+ retTemplate = CRMFThisMessageTemplate;
+ break;
+ case crmfSubsequentMessage:
+ retTemplate = CRMFSubsequentMessageTemplate;
+ break;
+ case crmfDHMAC:
+ retTemplate = CRMFDHMACTemplate;
+ break;
+ default:
+ retTemplate = NULL;
}
return retTemplate;
}
static SECStatus
-crmf_encode_popoprivkey(PLArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey *popoPrivKey,
- const SEC_ASN1Template *privKeyTemplate)
+crmf_encode_popoprivkey(PLArenaPool *poolp,
+ CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey *popoPrivKey,
+ const SEC_ASN1Template *privKeyTemplate)
{
- struct crmfEncoderArg encoderArg;
- SECItem derTemp = { siBuffer, NULL, 0 };
- SECStatus rv;
- void *mark;
+ struct crmfEncoderArg encoderArg;
+ SECItem derTemp = { siBuffer, NULL, 0 };
+ SECStatus rv;
+ void *mark;
const SEC_ASN1Template *subDerTemplate;
mark = PORT_ArenaMark(poolp);
@@ -336,21 +335,21 @@ crmf_encode_popoprivkey(PLArenaPool *poolp,
goto loser;
}
subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
- /* We've got a union, so a pointer to one item is a pointer to
+ /* We've got a union, so a pointer to one item is a pointer to
* all the items in the union.
*/
- rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
- subDerTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+ rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
+ subDerTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
if (rv != SECSuccess) {
goto loser;
}
- if (encoderArg.allocatedLen > derTemp.len+2) {
- void *dummy = PORT_Realloc(derTemp.data, derTemp.len+2);
- if (dummy == NULL) {
- goto loser;
- }
- derTemp.data = dummy;
+ if (encoderArg.allocatedLen > derTemp.len + 2) {
+ void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2);
+ if (dummy == NULL) {
+ goto loser;
+ }
+ derTemp.data = dummy;
}
PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len);
/* I couldn't figure out how to get the ASN1 encoder to implicitly
@@ -367,7 +366,7 @@ crmf_encode_popoprivkey(PLArenaPool *poolp,
PORT_Free(derTemp.data);
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
if (derTemp.data) {
PORT_Free(derTemp.data);
@@ -375,29 +374,29 @@ crmf_encode_popoprivkey(PLArenaPool *poolp,
return SECFailure;
}
-static const SEC_ASN1Template*
-crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
+static const SEC_ASN1Template *
+crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
{
switch (inChoice) {
- case crmfKeyAgreement:
- return CRMFPOPOKeyAgreementTemplate;
- case crmfKeyEncipherment:
- return CRMFPOPOKeyEnciphermentTemplate;
- default:
- break;
+ case crmfKeyAgreement:
+ return CRMFPOPOKeyAgreementTemplate;
+ case crmfKeyEncipherment:
+ return CRMFPOPOKeyEnciphermentTemplate;
+ default:
+ break;
}
return NULL;
}
static SECStatus
crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
- CRMFPOPChoice inChoice)
+ CRMFPOPChoice inChoice)
{
- PLArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
+ PLArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
CRMFProofOfPossession *pop;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
poolp = inCertReqMsg->poolp;
@@ -409,14 +408,14 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
pop->popUsed = inChoice;
/* popChoice is a union, so getting a pointer to one
* field gives me a pointer to the other fields as
- * well. This in essence points to both
+ * well. This in essence points to both
* pop->popChoice.keyEncipherment and
* pop->popChoice.keyAgreement
*/
popoPrivKey = &pop->popChoice.keyEncipherment;
rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage),
- encPrivKey);
+ encPrivKey);
if (rv != SECSuccess) {
goto loser;
}
@@ -424,27 +423,27 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
popoPrivKey->messageChoice = crmfThisMessage;
inCertReqMsg->pop = pop;
rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- crmf_get_template_for_privkey(inChoice));
+ crmf_get_template_for_privkey(inChoice));
if (rv != SECSuccess) {
goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
-
- loser:
+
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
static SECStatus
crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
- CRMFPOPChoice inChoice)
+ CRMFPOPChoice inChoice)
{
- PLArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
+ PLArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
CRMFProofOfPossession *pop;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
poolp = inCertReqMsg->poolp;
@@ -471,22 +470,22 @@ crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
-
- loser:
+
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
static SECStatus
-crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
- CRMFSubseqMessOptions subsequentMessage,
- CRMFPOPChoice inChoice)
+crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
+ CRMFSubseqMessOptions subsequentMessage,
+ CRMFPOPChoice inChoice)
{
- void *mark;
- PLArenaPool *poolp;
+ void *mark;
+ PLArenaPool *poolp;
CRMFProofOfPossession *pop;
- CRMFPOPOPrivKey *popoPrivKey;
- SECStatus rv;
+ CRMFPOPOPrivKey *popoPrivKey;
+ SECStatus rv;
const SEC_ASN1Template *privKeyTemplate;
if (subsequentMessage == crmfNoSubseqMess) {
@@ -500,25 +499,25 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
}
pop->popUsed = inChoice;
- /*
+ /*
* We have a union, so a pointer to one member of the union
* is also a member to another member of that same union.
*/
popoPrivKey = &pop->popChoice.keyEncipherment;
switch (subsequentMessage) {
- case crmfEncrCert:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 0);
- break;
- case crmfChallengeResp:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 1);
- break;
- default:
- goto loser;
+ case crmfEncrCert:
+ rv = crmf_encode_integer(poolp,
+ &(popoPrivKey->message.subsequentMessage),
+ 0);
+ break;
+ case crmfChallengeResp:
+ rv = crmf_encode_integer(poolp,
+ &(popoPrivKey->message.subsequentMessage),
+ 1);
+ break;
+ default:
+ goto loser;
}
if (rv != SECSuccess) {
goto loser;
@@ -527,23 +526,23 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
privKeyTemplate = crmf_get_template_for_privkey(inChoice);
inCertReqMsg->pop = pop;
rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- privKeyTemplate);
+ privKeyTemplate);
if (rv != SECSuccess) {
goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
-SECStatus
-CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
+SECStatus
+CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey)
{
SECStatus rv;
@@ -551,49 +550,48 @@ CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
return SECFailure;
}
- switch (inKeyChoice) {
- case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyEncipherment);
- break;
- case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyEncipherment);
- break;
- case crmfDHMAC:
- default:
- rv = SECFailure;
+ switch (inKeyChoice) {
+ case crmfThisMessage:
+ rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+ crmfKeyEncipherment);
+ break;
+ case crmfSubsequentMessage:
+ rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+ crmfKeyEncipherment);
+ break;
+ case crmfDHMAC:
+ default:
+ rv = SECFailure;
}
return rv;
}
-SECStatus
-CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
+SECStatus
+CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey)
{
SECStatus rv;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- switch (inKeyChoice) {
- case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
- case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyAgreement);
- break;
- case crmfDHMAC:
- /* In this case encPrivKey should be the calculated dhMac
- * as specified in RFC 2511 */
- rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
- default:
- rv = SECFailure;
+ switch (inKeyChoice) {
+ case crmfThisMessage:
+ rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+ crmfKeyAgreement);
+ break;
+ case crmfSubsequentMessage:
+ rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+ crmfKeyAgreement);
+ break;
+ case crmfDHMAC:
+ /* In this case encPrivKey should be the calculated dhMac
+ * as specified in RFC 2511 */
+ rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
+ crmfKeyAgreement);
+ break;
+ default:
+ rv = SECFailure;
}
return rv;
}
-
diff --git a/lib/crmf/crmfreq.c b/lib/crmf/crmfreq.c
index 7da81cdbf..7dbf94c7c 100644
--- a/lib/crmf/crmfreq.c
+++ b/lib/crmf/crmfreq.c
@@ -14,17 +14,16 @@
*/
#define IS_NOT_NULL(ptr) ((ptr) == NULL) ? PR_FALSE : PR_TRUE
-const unsigned char hexTrue = 0xff;
+const unsigned char hexTrue = 0xff;
const unsigned char hexFalse = 0x00;
-
SECStatus
crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value)
{
SECItem *dummy;
dummy = SEC_ASN1EncodeInteger(poolp, dest, value);
- PORT_Assert (dummy == dest);
+ PORT_Assert(dummy == dest);
if (dummy == NULL) {
return SECFailure;
}
@@ -33,12 +32,12 @@ crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value)
SECStatus
crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest,
- unsigned long value)
+ unsigned long value)
{
SECItem *dummy;
dummy = SEC_ASN1EncodeUnsignedInteger(poolp, dest, value);
- PORT_Assert (dummy == dest);
+ PORT_Assert(dummy == dest);
if (dummy != dest) {
return SECFailure;
}
@@ -46,73 +45,73 @@ crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest,
}
static SECStatus
-crmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src)
+crmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
{
- return SECITEM_CopyItem (poolp, dest, src);
+ return SECITEM_CopyItem(poolp, dest, src);
}
PRBool
-CRMF_DoesRequestHaveField (CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inField)
+CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inField)
{
-
+
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return PR_FALSE;
}
switch (inField) {
- case crmfVersion:
- return inCertReq->certTemplate.version.data != NULL;
- case crmfSerialNumber:
- return inCertReq->certTemplate.serialNumber.data != NULL;
- case crmfSigningAlg:
- return inCertReq->certTemplate.signingAlg != NULL;
- case crmfIssuer:
- return inCertReq->certTemplate.issuer != NULL;
- case crmfValidity:
- return inCertReq->certTemplate.validity != NULL;
- case crmfSubject:
- return inCertReq->certTemplate.subject != NULL;
- case crmfPublicKey:
- return inCertReq->certTemplate.publicKey != NULL;
- case crmfIssuerUID:
- return inCertReq->certTemplate.issuerUID.data != NULL;
- case crmfSubjectUID:
- return inCertReq->certTemplate.subjectUID.data != NULL;
- case crmfExtension:
- return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0;
+ case crmfVersion:
+ return inCertReq->certTemplate.version.data != NULL;
+ case crmfSerialNumber:
+ return inCertReq->certTemplate.serialNumber.data != NULL;
+ case crmfSigningAlg:
+ return inCertReq->certTemplate.signingAlg != NULL;
+ case crmfIssuer:
+ return inCertReq->certTemplate.issuer != NULL;
+ case crmfValidity:
+ return inCertReq->certTemplate.validity != NULL;
+ case crmfSubject:
+ return inCertReq->certTemplate.subject != NULL;
+ case crmfPublicKey:
+ return inCertReq->certTemplate.publicKey != NULL;
+ case crmfIssuerUID:
+ return inCertReq->certTemplate.issuerUID.data != NULL;
+ case crmfSubjectUID:
+ return inCertReq->certTemplate.subjectUID.data != NULL;
+ case crmfExtension:
+ return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0;
}
return PR_FALSE;
}
CRMFCertRequest *
-CRMF_CreateCertRequest (PRUint32 inRequestID)
+CRMF_CreateCertRequest(PRUint32 inRequestID)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CRMFCertRequest *certReq;
- SECStatus rv;
-
+ SECStatus rv;
+
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
goto loser;
}
-
- certReq=PORT_ArenaZNew(poolp,CRMFCertRequest);
+
+ certReq = PORT_ArenaZNew(poolp, CRMFCertRequest);
if (certReq == NULL) {
goto loser;
}
certReq->poolp = poolp;
certReq->requestID = inRequestID;
-
- rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId),
+
+ rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId),
inRequestID);
if (rv != SECSuccess) {
goto loser;
}
return certReq;
- loser:
+loser:
if (poolp) {
PORT_FreeArena(poolp, PR_FALSE);
}
@@ -125,18 +124,18 @@ CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq)
PORT_Assert(inCertReq != NULL);
if (inCertReq != NULL) {
if (inCertReq->certTemplate.extensions) {
- PORT_Free(inCertReq->certTemplate.extensions);
- }
- if (inCertReq->controls) {
- /* Right now we don't support EnveloppedData option,
- * so we won't go through and delete each occurrence of
- * an EnveloppedData in the control.
- */
- PORT_Free(inCertReq->controls);
- }
- if (inCertReq->poolp) {
- PORT_FreeArena(inCertReq->poolp, PR_TRUE);
- }
+ PORT_Free(inCertReq->certTemplate.extensions);
+ }
+ if (inCertReq->controls) {
+ /* Right now we don't support EnveloppedData option,
+ * so we won't go through and delete each occurrence of
+ * an EnveloppedData in the control.
+ */
+ PORT_Free(inCertReq->controls);
+ }
+ if (inCertReq->poolp) {
+ PORT_FreeArena(inCertReq->poolp, PR_TRUE);
+ }
}
return SECSuccess;
}
@@ -154,12 +153,12 @@ crmf_template_add_serialnumber(PLArenaPool *poolp, SECItem *dest, long serial)
}
SECStatus
-crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
- SECAlgorithmID* src)
+crmf_template_copy_secalg(PLArenaPool *poolp, SECAlgorithmID **dest,
+ SECAlgorithmID *src)
{
- SECStatus rv;
- void *mark = NULL;
- SECAlgorithmID *mySecAlg;
+ SECStatus rv;
+ void *mark = NULL;
+ SECAlgorithmID *mySecAlg;
if (!poolp) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -180,7 +179,7 @@ crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
}
return SECSuccess;
- loser:
+loser:
*dest = NULL;
if (mark) {
PORT_ArenaRelease(poolp, mark);
@@ -190,11 +189,11 @@ crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
SECStatus
crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
- CERTName *src)
+ CERTName *src)
{
CERTName *newName;
SECStatus rv;
- void *mark;
+ void *mark;
mark = PORT_ArenaMark(poolp);
*dest = newName = PORT_ArenaZNew(poolp, CERTName);
@@ -204,91 +203,89 @@ crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
rv = CERT_CopyName(poolp, newName, src);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
*dest = NULL;
return SECFailure;
}
static SECStatus
-crmf_template_add_issuer (PLArenaPool *poolp, CERTName **dest,
- CERTName* issuerName)
+crmf_template_add_issuer(PLArenaPool *poolp, CERTName **dest,
+ CERTName *issuerName)
{
return crmf_copy_cert_name(poolp, dest, issuerName);
}
-
static SECStatus
-crmf_template_add_validity (PLArenaPool *poolp, CRMFOptionalValidity **dest,
- CRMFValidityCreationInfo *info)
+crmf_template_add_validity(PLArenaPool *poolp, CRMFOptionalValidity **dest,
+ CRMFValidityCreationInfo *info)
{
- SECStatus rv;
- void *mark;
+ SECStatus rv;
+ void *mark;
CRMFOptionalValidity *myValidity;
/*First off, let's make sure at least one of the two fields is present*/
- if (!info || (!info->notBefore && !info->notAfter)) {
+ if (!info || (!info->notBefore && !info->notAfter)) {
return SECFailure;
}
- mark = PORT_ArenaMark (poolp);
+ mark = PORT_ArenaMark(poolp);
*dest = myValidity = PORT_ArenaZNew(poolp, CRMFOptionalValidity);
if (myValidity == NULL) {
goto loser;
}
if (info->notBefore) {
- rv = DER_EncodeTimeChoice (poolp, &myValidity->notBefore,
- *info->notBefore);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = DER_EncodeTimeChoice(poolp, &myValidity->notBefore,
+ *info->notBefore);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
if (info->notAfter) {
- rv = DER_EncodeTimeChoice (poolp, &myValidity->notAfter,
- *info->notAfter);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = DER_EncodeTimeChoice(poolp, &myValidity->notAfter,
+ *info->notAfter);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
*dest = NULL;
return SECFailure;
}
static SECStatus
-crmf_template_add_subject (PLArenaPool *poolp, CERTName **dest,
- CERTName *subject)
+crmf_template_add_subject(PLArenaPool *poolp, CERTName **dest,
+ CERTName *subject)
{
return crmf_copy_cert_name(poolp, dest, subject);
}
SECStatus
crmf_template_add_public_key(PLArenaPool *poolp,
- CERTSubjectPublicKeyInfo **dest,
- CERTSubjectPublicKeyInfo *pubKey)
+ CERTSubjectPublicKeyInfo **dest,
+ CERTSubjectPublicKeyInfo *pubKey)
{
CERTSubjectPublicKeyInfo *spki;
SECStatus rv;
- *dest = spki = (poolp == NULL) ?
- PORT_ZNew(CERTSubjectPublicKeyInfo) :
- PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo);
+ *dest = spki = (poolp == NULL) ? PORT_ZNew(CERTSubjectPublicKeyInfo) :
+ PORT_ArenaZNew(poolp, CERTSubjectPublicKeyInfo);
if (spki == NULL) {
goto loser;
}
- rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey);
+ rv = SECKEY_CopySubjectPublicKeyInfo(poolp, spki, pubKey);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
- loser:
+loser:
if (poolp == NULL && spki != NULL) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
@@ -297,11 +294,11 @@ crmf_template_add_public_key(PLArenaPool *poolp,
}
static SECStatus
-crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src)
+crmf_copy_bitstring(PLArenaPool *poolp, SECItem *dest, const SECItem *src)
{
SECStatus rv;
- SECItem byteSrc;
-
+ SECItem byteSrc;
+
byteSrc = *src;
byteSrc.len = CRMF_BITS_TO_BYTES(byteSrc.len);
rv = crmf_copy_secitem(poolp, dest, &byteSrc);
@@ -311,23 +308,23 @@ crmf_copy_bitstring (PLArenaPool *poolp, SECItem *dest, const SECItem *src)
static SECStatus
crmf_template_add_issuer_uid(PLArenaPool *poolp, SECItem *dest,
- const SECItem *issuerUID)
+ const SECItem *issuerUID)
{
- return crmf_copy_bitstring (poolp, dest, issuerUID);
+ return crmf_copy_bitstring(poolp, dest, issuerUID);
}
static SECStatus
crmf_template_add_subject_uid(PLArenaPool *poolp, SECItem *dest,
- const SECItem *subjectUID)
+ const SECItem *subjectUID)
{
- return crmf_copy_bitstring (poolp, dest, subjectUID);
+ return crmf_copy_bitstring(poolp, dest, subjectUID);
}
static void
-crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
- int numToZeroize)
+crmf_zeroize_new_extensions(CRMFCertExtension **extensions,
+ int numToZeroize)
{
- PORT_Memset((void*)extensions, 0, sizeof(CERTCertExtension*)*numToZeroize);
+ PORT_Memset((void *)extensions, 0, sizeof(CERTCertExtension *) * numToZeroize);
}
/*
@@ -342,72 +339,72 @@ crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
*/
static SECStatus
crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
- CRMFCertExtCreationInfo *extensions)
+ CRMFCertExtCreationInfo *extensions)
{
- void *mark;
- int newSize, oldSize, i;
- SECStatus rv;
+ void *mark;
+ int newSize, oldSize, i;
+ SECStatus rv;
CRMFCertExtension **extArray;
- CRMFCertExtension *newExt, *currExt;
+ CRMFCertExtension *newExt, *currExt;
mark = PORT_ArenaMark(poolp);
if (inTemplate->extensions == NULL) {
newSize = extensions->numExtensions;
- extArray = PORT_ZNewArray(CRMFCertExtension*,newSize+1);
- } else {
+ extArray = PORT_ZNewArray(CRMFCertExtension *, newSize + 1);
+ }
+ else {
newSize = inTemplate->numExtensions + extensions->numExtensions;
- extArray = PORT_Realloc(inTemplate->extensions,
- sizeof(CRMFCertExtension*)*(newSize+1));
+ extArray = PORT_Realloc(inTemplate->extensions,
+ sizeof(CRMFCertExtension *) * (newSize + 1));
}
if (extArray == NULL) {
goto loser;
}
- oldSize = inTemplate->numExtensions;
- inTemplate->extensions = extArray;
+ oldSize = inTemplate->numExtensions;
+ inTemplate->extensions = extArray;
inTemplate->numExtensions = newSize;
- for (i=oldSize; i < newSize; i++) {
+ for (i = oldSize; i < newSize; i++) {
newExt = PORT_ArenaZNew(poolp, CRMFCertExtension);
- if (newExt == NULL) {
- goto loser2;
- }
- currExt = extensions->extensions[i-oldSize];
- rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
- if (rv != SECSuccess) {
- goto loser2;
- }
- rv = crmf_copy_secitem(poolp, &(newExt->critical),
- &(currExt->critical));
- if (rv != SECSuccess) {
- goto loser2;
- }
- rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
- if (rv != SECSuccess) {
- goto loser2;
- }
- extArray[i] = newExt;
+ if (newExt == NULL) {
+ goto loser2;
+ }
+ currExt = extensions->extensions[i - oldSize];
+ rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
+ if (rv != SECSuccess) {
+ goto loser2;
+ }
+ rv = crmf_copy_secitem(poolp, &(newExt->critical),
+ &(currExt->critical));
+ if (rv != SECSuccess) {
+ goto loser2;
+ }
+ rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
+ if (rv != SECSuccess) {
+ goto loser2;
+ }
+ extArray[i] = newExt;
}
extArray[newSize] = NULL;
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
- loser2:
- crmf_zeroize_new_extensions (&(inTemplate->extensions[oldSize]),
- extensions->numExtensions);
+loser2:
+ crmf_zeroize_new_extensions(&(inTemplate->extensions[oldSize]),
+ extensions->numExtensions);
inTemplate->numExtensions = oldSize;
- loser:
+loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
SECStatus
-CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField,
- void *data)
+CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inTemplateField,
+ void *data)
{
CRMFCertTemplate *certTemplate;
- PLArenaPool *poolp;
- SECStatus rv = SECFailure;
- void *mark;
-
+ PLArenaPool *poolp;
+ SECStatus rv = SECFailure;
+ void *mark;
if (inCertReq == NULL) {
return SECFailure;
@@ -418,73 +415,74 @@ CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
poolp = inCertReq->poolp;
mark = PORT_ArenaMark(poolp);
switch (inTemplateField) {
- case crmfVersion:
- rv = crmf_template_add_version(poolp,&(certTemplate->version),
- *(long*)data);
- break;
- case crmfSerialNumber:
- rv = crmf_template_add_serialnumber(poolp,
- &(certTemplate->serialNumber),
- *(long*)data);
- break;
- case crmfSigningAlg:
- rv = crmf_template_copy_secalg (poolp, &(certTemplate->signingAlg),
- (SECAlgorithmID*)data);
- break;
- case crmfIssuer:
- rv = crmf_template_add_issuer (poolp, &(certTemplate->issuer),
- (CERTName*)data);
- break;
- case crmfValidity:
- rv = crmf_template_add_validity (poolp, &(certTemplate->validity),
- (CRMFValidityCreationInfo*)data);
- break;
- case crmfSubject:
- rv = crmf_template_add_subject (poolp, &(certTemplate->subject),
- (CERTName*)data);
- break;
- case crmfPublicKey:
- rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
- (CERTSubjectPublicKeyInfo*)data);
- break;
- case crmfIssuerUID:
- rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
- (SECItem*)data);
- break;
- case crmfSubjectUID:
- rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
- (SECItem*)data);
- break;
- case crmfExtension:
- rv = crmf_template_add_extensions(poolp, certTemplate,
- (CRMFCertExtCreationInfo*)data);
- break;
+ case crmfVersion:
+ rv = crmf_template_add_version(poolp, &(certTemplate->version),
+ *(long *)data);
+ break;
+ case crmfSerialNumber:
+ rv = crmf_template_add_serialnumber(poolp,
+ &(certTemplate->serialNumber),
+ *(long *)data);
+ break;
+ case crmfSigningAlg:
+ rv = crmf_template_copy_secalg(poolp, &(certTemplate->signingAlg),
+ (SECAlgorithmID *)data);
+ break;
+ case crmfIssuer:
+ rv = crmf_template_add_issuer(poolp, &(certTemplate->issuer),
+ (CERTName *)data);
+ break;
+ case crmfValidity:
+ rv = crmf_template_add_validity(poolp, &(certTemplate->validity),
+ (CRMFValidityCreationInfo *)data);
+ break;
+ case crmfSubject:
+ rv = crmf_template_add_subject(poolp, &(certTemplate->subject),
+ (CERTName *)data);
+ break;
+ case crmfPublicKey:
+ rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
+ (CERTSubjectPublicKeyInfo *)data);
+ break;
+ case crmfIssuerUID:
+ rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
+ (SECItem *)data);
+ break;
+ case crmfSubjectUID:
+ rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
+ (SECItem *)data);
+ break;
+ case crmfExtension:
+ rv = crmf_template_add_extensions(poolp, certTemplate,
+ (CRMFCertExtCreationInfo *)data);
+ break;
}
if (rv != SECSuccess) {
PORT_ArenaRelease(poolp, mark);
- } else {
+ }
+ else {
PORT_ArenaUnmark(poolp, mark);
}
return rv;
}
SECStatus
-CRMF_CertReqMsgSetCertRequest (CRMFCertReqMsg *inCertReqMsg,
- CRMFCertRequest *inCertReq)
+CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
+ CRMFCertRequest *inCertReq)
{
- PORT_Assert (inCertReqMsg != NULL && inCertReq != NULL);
+ PORT_Assert(inCertReqMsg != NULL && inCertReq != NULL);
if (inCertReqMsg == NULL || inCertReq == NULL) {
return SECFailure;
}
inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
- inCertReq);
+ inCertReq);
return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
}
-CRMFCertReqMsg*
+CRMFCertReqMsg *
CRMF_CreateCertReqMsg(void)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CRMFCertReqMsg *reqMsg;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
@@ -497,49 +495,49 @@ CRMF_CreateCertReqMsg(void)
}
reqMsg->poolp = poolp;
return reqMsg;
-
- loser:
+
+loser:
if (poolp) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
-SECStatus
+SECStatus
CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg)
{
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->poolp != NULL);
if (!inCertReqMsg->isDecoded) {
if (inCertReqMsg->certReq->certTemplate.extensions != NULL) {
- PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
- }
- if (inCertReqMsg->certReq->controls != NULL) {
- PORT_Free(inCertReqMsg->certReq->controls);
- }
+ PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
+ }
+ if (inCertReqMsg->certReq->controls != NULL) {
+ PORT_Free(inCertReqMsg->certReq->controls);
+ }
}
PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
return SECSuccess;
}
-CRMFCertExtension*
+CRMFCertExtension *
crmf_create_cert_extension(PLArenaPool *poolp,
- SECOidTag id,
- PRBool isCritical,
- SECItem *data)
+ SECOidTag id,
+ PRBool isCritical,
+ SECItem *data)
{
CRMFCertExtension *newExt;
- SECOidData *oidData;
- SECStatus rv;
+ SECOidData *oidData;
+ SECStatus rv;
newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) :
- PORT_ArenaZNew(poolp, CRMFCertExtension);
+ PORT_ArenaZNew(poolp, CRMFCertExtension);
if (newExt == NULL) {
goto loser;
}
oidData = SECOID_FindOIDByTag(id);
- if (oidData == NULL ||
- oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
- goto loser;
+ if (oidData == NULL ||
+ oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
+ goto loser;
}
rv = SECITEM_CopyItem(poolp, &(newExt->id), &(oidData->oid));
@@ -553,17 +551,18 @@ crmf_create_cert_extension(PLArenaPool *poolp,
}
if (isCritical) {
- newExt->critical.data = (poolp == NULL) ?
- PORT_New(unsigned char) :
- PORT_ArenaNew(poolp, unsigned char);
- if (newExt->critical.data == NULL) {
- goto loser;
- }
- newExt->critical.data[0] = hexTrue;
- newExt->critical.len = 1;
+ newExt->critical.data = (poolp == NULL) ?
+ PORT_New(unsigned char)
+ :
+ PORT_ArenaNew(poolp, unsigned char);
+ if (newExt->critical.data == NULL) {
+ goto loser;
+ }
+ newExt->critical.data[0] = hexTrue;
+ newExt->critical.len = 1;
}
return newExt;
- loser:
+loser:
if (newExt != NULL && poolp == NULL) {
CRMF_DestroyCertExtension(newExt);
}
@@ -572,8 +571,8 @@ crmf_create_cert_extension(PLArenaPool *poolp,
CRMFCertExtension *
CRMF_CreateCertExtension(SECOidTag id,
- PRBool isCritical,
- SECItem *data)
+ PRBool isCritical,
+ SECItem *data)
{
return crmf_create_cert_extension(NULL, id, isCritical, data);
}
@@ -582,12 +581,12 @@ static SECStatus
crmf_destroy_cert_extension(CRMFCertExtension *inExtension, PRBool freeit)
{
if (inExtension != NULL) {
- SECITEM_FreeItem (&(inExtension->id), PR_FALSE);
- SECITEM_FreeItem (&(inExtension->value), PR_FALSE);
- SECITEM_FreeItem (&(inExtension->critical), PR_FALSE);
- if (freeit) {
- PORT_Free(inExtension);
- }
+ SECITEM_FreeItem(&(inExtension->id), PR_FALSE);
+ SECITEM_FreeItem(&(inExtension->value), PR_FALSE);
+ SECITEM_FreeItem(&(inExtension->critical), PR_FALSE);
+ if (freeit) {
+ PORT_Free(inExtension);
+ }
}
return SECSuccess;
}
@@ -599,9 +598,9 @@ CRMF_DestroyCertExtension(CRMFCertExtension *inExtension)
}
SECStatus
-CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs)
+CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs)
{
- PORT_Assert (inCertReqMsgs != NULL);
+ PORT_Assert(inCertReqMsgs != NULL);
if (inCertReqMsgs != NULL) {
PORT_FreeArena(inCertReqMsgs->poolp, PR_TRUE);
}
@@ -618,53 +617,53 @@ crmf_item_has_data(SECItem *item)
}
PRBool
-CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
- CRMFCertTemplateField inTemplateField)
+CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
+ CRMFCertTemplateField inTemplateField)
{
- PRBool retVal;
+ PRBool retVal;
CRMFCertTemplate *certTemplate;
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
- /* This is probably some kind of error, but this is
- * the safest return value for this function.
- */
+ /* This is probably some kind of error, but this is
+ * the safest return value for this function.
+ */
return PR_FALSE;
}
certTemplate = &inCertReq->certTemplate;
switch (inTemplateField) {
- case crmfVersion:
- retVal = crmf_item_has_data(&certTemplate->version);
- break;
- case crmfSerialNumber:
- retVal = crmf_item_has_data(&certTemplate->serialNumber);
- break;
- case crmfSigningAlg:
- retVal = IS_NOT_NULL(certTemplate->signingAlg);
- break;
- case crmfIssuer:
- retVal = IS_NOT_NULL(certTemplate->issuer);
- break;
- case crmfValidity:
- retVal = IS_NOT_NULL(certTemplate->validity);
- break;
- case crmfSubject:
- retVal = IS_NOT_NULL(certTemplate->subject);
- break;
- case crmfPublicKey:
- retVal = IS_NOT_NULL(certTemplate->publicKey);
- break;
- case crmfIssuerUID:
- retVal = crmf_item_has_data(&certTemplate->issuerUID);
- break;
- case crmfSubjectUID:
- retVal = crmf_item_has_data(&certTemplate->subjectUID);
- break;
- case crmfExtension:
- retVal = IS_NOT_NULL(certTemplate->extensions);
- break;
- default:
- retVal = PR_FALSE;
+ case crmfVersion:
+ retVal = crmf_item_has_data(&certTemplate->version);
+ break;
+ case crmfSerialNumber:
+ retVal = crmf_item_has_data(&certTemplate->serialNumber);
+ break;
+ case crmfSigningAlg:
+ retVal = IS_NOT_NULL(certTemplate->signingAlg);
+ break;
+ case crmfIssuer:
+ retVal = IS_NOT_NULL(certTemplate->issuer);
+ break;
+ case crmfValidity:
+ retVal = IS_NOT_NULL(certTemplate->validity);
+ break;
+ case crmfSubject:
+ retVal = IS_NOT_NULL(certTemplate->subject);
+ break;
+ case crmfPublicKey:
+ retVal = IS_NOT_NULL(certTemplate->publicKey);
+ break;
+ case crmfIssuerUID:
+ retVal = crmf_item_has_data(&certTemplate->issuerUID);
+ break;
+ case crmfSubjectUID:
+ retVal = crmf_item_has_data(&certTemplate->subjectUID);
+ break;
+ case crmfExtension:
+ retVal = IS_NOT_NULL(certTemplate->extensions);
+ break;
+ default:
+ retVal = PR_FALSE;
}
return retVal;
}
diff --git a/lib/crmf/crmft.h b/lib/crmf/crmft.h
index e12aa02c8..8d83cf1e6 100644
--- a/lib/crmf/crmft.h
+++ b/lib/crmf/crmft.h
@@ -3,8 +3,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* Header file with all of the structures and types that will be exported
+/* Header file with all of the structures and types that will be exported
* by the security library for implementation of CRMF.
*/
@@ -47,7 +46,7 @@ typedef enum {
} CRMFPublicationAction;
/*
- * An enumeration for the possible for pubMethod which is a part of
+ * An enumeration for the possible for pubMethod which is a part of
* the SinglePubInfo ASN1 type.
*/
typedef enum {
@@ -79,7 +78,7 @@ typedef enum {
} CRMFPOPChoice;
/*
- * An enumertion type for options for the authInfo field of the
+ * An enumertion type for options for the authInfo field of the
* CRMFPOPOSigningKeyInput structure.
*/
typedef enum {
@@ -132,41 +131,41 @@ typedef enum {
* The number of DER encoded bytes to write out.
*
*/
-typedef void (*CRMFEncoderOutputCallback) (void *arg,
- const char *buf,
- unsigned long len);
+typedef void (*CRMFEncoderOutputCallback)(void *arg,
+ const char *buf,
+ unsigned long len);
/*
* Type for the function that gets a password. Just in case we ever
* need to support publicKeyMAC for POPOSigningKeyInput
*/
-typedef SECItem* (*CRMFMACPasswordCallback) (void *arg);
-
-typedef struct CRMFOptionalValidityStr CRMFOptionalValidity;
-typedef struct CRMFValidityCreationInfoStr CRMFGetValidity;
-typedef struct CRMFCertTemplateStr CRMFCertTemplate;
-typedef struct CRMFCertRequestStr CRMFCertRequest;
-typedef struct CRMFCertReqMsgStr CRMFCertReqMsg;
-typedef struct CRMFCertReqMessagesStr CRMFCertReqMessages;
-typedef struct CRMFProofOfPossessionStr CRMFProofOfPossession;
-typedef struct CRMFPOPOSigningKeyStr CRMFPOPOSigningKey;
-typedef struct CRMFPOPOSigningKeyInputStr CRMFPOPOSigningKeyInput;
-typedef struct CRMFPOPOPrivKeyStr CRMFPOPOPrivKey;
-typedef struct CRMFPKIPublicationInfoStr CRMFPKIPublicationInfo;
-typedef struct CRMFSinglePubInfoStr CRMFSinglePubInfo;
-typedef struct CRMFPKIArchiveOptionsStr CRMFPKIArchiveOptions;
-typedef struct CRMFEncryptedKeyStr CRMFEncryptedKey;
-typedef struct CRMFEncryptedValueStr CRMFEncryptedValue;
-typedef struct CRMFCertIDStr CRMFCertID;
-typedef struct CRMFCertIDStr CRMFOldCertID;
-typedef CERTSubjectPublicKeyInfo CRMFProtocolEncrKey;
-typedef struct CRMFValidityCreationInfoStr CRMFValidityCreationInfo;
-typedef struct CRMFCertExtCreationInfoStr CRMFCertExtCreationInfo;
-typedef struct CRMFPKMACValueStr CRMFPKMACValue;
-typedef struct CRMFAttributeStr CRMFAttribute;
-typedef struct CRMFControlStr CRMFControl;
-typedef CERTGeneralName CRMFGeneralName;
-typedef struct CRMFCertExtensionStr CRMFCertExtension;
+typedef SECItem *(*CRMFMACPasswordCallback)(void *arg);
+
+typedef struct CRMFOptionalValidityStr CRMFOptionalValidity;
+typedef struct CRMFValidityCreationInfoStr CRMFGetValidity;
+typedef struct CRMFCertTemplateStr CRMFCertTemplate;
+typedef struct CRMFCertRequestStr CRMFCertRequest;
+typedef struct CRMFCertReqMsgStr CRMFCertReqMsg;
+typedef struct CRMFCertReqMessagesStr CRMFCertReqMessages;
+typedef struct CRMFProofOfPossessionStr CRMFProofOfPossession;
+typedef struct CRMFPOPOSigningKeyStr CRMFPOPOSigningKey;
+typedef struct CRMFPOPOSigningKeyInputStr CRMFPOPOSigningKeyInput;
+typedef struct CRMFPOPOPrivKeyStr CRMFPOPOPrivKey;
+typedef struct CRMFPKIPublicationInfoStr CRMFPKIPublicationInfo;
+typedef struct CRMFSinglePubInfoStr CRMFSinglePubInfo;
+typedef struct CRMFPKIArchiveOptionsStr CRMFPKIArchiveOptions;
+typedef struct CRMFEncryptedKeyStr CRMFEncryptedKey;
+typedef struct CRMFEncryptedValueStr CRMFEncryptedValue;
+typedef struct CRMFCertIDStr CRMFCertID;
+typedef struct CRMFCertIDStr CRMFOldCertID;
+typedef CERTSubjectPublicKeyInfo CRMFProtocolEncrKey;
+typedef struct CRMFValidityCreationInfoStr CRMFValidityCreationInfo;
+typedef struct CRMFCertExtCreationInfoStr CRMFCertExtCreationInfo;
+typedef struct CRMFPKMACValueStr CRMFPKMACValue;
+typedef struct CRMFAttributeStr CRMFAttribute;
+typedef struct CRMFControlStr CRMFControl;
+typedef CERTGeneralName CRMFGeneralName;
+typedef struct CRMFCertExtensionStr CRMFCertExtension;
struct CRMFValidityCreationInfoStr {
PRTime *notBefore;
@@ -184,5 +183,4 @@ struct CRMFCertExtCreationInfoStr {
extern const SEC_ASN1Template CRMFCertReqMessagesTemplate[];
extern const SEC_ASN1Template CRMFCertRequestTemplate[];
-
#endif /*_CRMFT_H_*/
diff --git a/lib/crmf/crmftmpl.c b/lib/crmf/crmftmpl.c
index ac9fd8eb9..265a15dd5 100644
--- a/lib/crmf/crmftmpl.c
+++ b/lib/crmf/crmftmpl.c
@@ -18,26 +18,26 @@ SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
SEC_ASN1_MKSUB(CERT_SubjectPublicKeyInfoTemplate)
SEC_ASN1_MKSUB(CERT_NameTemplate)
-/*
+/*
* It's all implicit tagging.
*/
const SEC_ASN1Template CRMFControlTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl)},
- { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag) },
{ SEC_ASN1_ANY, offsetof(CRMFControl, derValue) },
{ 0 }
};
static const SEC_ASN1Template CRMFCertExtensionTemplate[] = {
{ SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CRMFCertExtension) },
+ 0, NULL, sizeof(CRMFCertExtension) },
{ SEC_ASN1_OBJECT_ID,
- offsetof(CRMFCertExtension,id) },
+ offsetof(CRMFCertExtension, id) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
- offsetof(CRMFCertExtension,critical) },
+ offsetof(CRMFCertExtension, critical) },
{ SEC_ASN1_OCTET_STRING,
- offsetof(CRMFCertExtension,value) },
+ offsetof(CRMFCertExtension, value) },
{ 0 }
};
@@ -46,78 +46,78 @@ static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
};
static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFOptionalValidity) },
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFOptionalValidity) },
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0,
- offsetof (CRMFOptionalValidity, notBefore),
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0,
+ offsetof(CRMFOptionalValidity, notBefore),
SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
- offsetof (CRMFOptionalValidity, notAfter),
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
+ offsetof(CRMFOptionalValidity, notAfter),
SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
{ 0 }
};
static const SEC_ASN1Template crmfPointerToNameTemplate[] = {
- { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate)},
+ { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate) },
{ 0 }
};
static const SEC_ASN1Template CRMFCertTemplateTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(CRMFCertTemplate, version),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1 ,
- offsetof (CRMFCertTemplate, serialNumber),
- SEC_ASN1_SUB(SEC_IntegerTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
- SEC_ASN1_XTRN | 2,
- offsetof (CRMFCertTemplate, signingAlg),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3,
- offsetof (CRMFCertTemplate, issuer), crmfPointerToNameTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4,
- offsetof (CRMFCertTemplate, validity),
- CRMFOptionalValidityTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5,
- offsetof (CRMFCertTemplate, subject), crmfPointerToNameTemplate },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
- SEC_ASN1_XTRN | 6,
- offsetof (CRMFCertTemplate, publicKey),
- SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
- { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
- SEC_ASN1_XTRN | 7,
- offsetof (CRMFCertTemplate, issuerUID),
- SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
- SEC_ASN1_XTRN | 8,
- offsetof (CRMFCertTemplate, subjectUID),
- SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
- SEC_ASN1_CONTEXT_SPECIFIC | 9,
- offsetof (CRMFCertTemplate, extensions),
- CRMFSequenceOfCertExtensionTemplate },
- { 0 }
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ offsetof(CRMFCertTemplate, version),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
+ offsetof(CRMFCertTemplate, serialNumber),
+ SEC_ASN1_SUB(SEC_IntegerTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+ SEC_ASN1_XTRN | 2,
+ offsetof(CRMFCertTemplate, signingAlg),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3,
+ offsetof(CRMFCertTemplate, issuer), crmfPointerToNameTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4,
+ offsetof(CRMFCertTemplate, validity),
+ CRMFOptionalValidityTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5,
+ offsetof(CRMFCertTemplate, subject), crmfPointerToNameTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+ SEC_ASN1_XTRN | 6,
+ offsetof(CRMFCertTemplate, publicKey),
+ SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_XTRN | 7,
+ offsetof(CRMFCertTemplate, issuerUID),
+ SEC_ASN1_SUB(SEC_BitStringTemplate) },
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_XTRN | 8,
+ offsetof(CRMFCertTemplate, subjectUID),
+ SEC_ASN1_SUB(SEC_BitStringTemplate) },
+ { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_CONTEXT_SPECIFIC | 9,
+ offsetof(CRMFCertTemplate, extensions),
+ CRMFSequenceOfCertExtensionTemplate },
+ { 0 }
};
static const SEC_ASN1Template CRMFAttributeTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute)},
- { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag)},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute) },
+ { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag) },
{ SEC_ASN1_ANY, offsetof(CRMFAttribute, derValue) },
{ 0 }
};
const SEC_ASN1Template CRMFCertRequestTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFCertRequest) },
- { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId)},
- { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate),
- CRMFCertTemplateTemplate},
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertRequest) },
+ { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId) },
+ { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate),
+ CRMFCertTemplateTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CRMFCertRequest,controls),
- CRMFControlTemplate}, /* SEQUENCE SIZE (1...MAX)*/
+ offsetof(CRMFCertRequest, controls),
+ CRMFControlTemplate }, /* SEQUENCE SIZE (1...MAX)*/
{ 0 }
};
@@ -128,35 +128,34 @@ const SEC_ASN1Template CRMFCertReqMsgTemplate[] = {
{ SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
offsetof(CRMFCertReqMsg, derPOP) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
- offsetof(CRMFCertReqMsg, regInfo),
- CRMFAttributeTemplate}, /* SEQUENCE SIZE (1...MAX)*/
+ offsetof(CRMFCertReqMsg, regInfo),
+ CRMFAttributeTemplate }, /* SEQUENCE SIZE (1...MAX)*/
{ 0 }
};
const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages),
- CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)}
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages),
+ CRMFCertReqMsgTemplate, sizeof(CRMFCertReqMessages) }
};
const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN,
+ { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN,
0,
SEC_ASN1_SUB(SEC_NullTemplate) },
{ 0 }
};
-
/* This template will need to add POPOSigningKeyInput eventually, maybe*/
static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
- { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_XTRN | 0,
- offsetof(CRMFPOPOSigningKey, derInput),
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 0,
+ offsetof(CRMFPOPOSigningKey, derInput),
SEC_ASN1_SUB(SEC_AnyTemplate) },
- { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+ { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
offsetof(CRMFPOPOSigningKey, algorithmIdentifier),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN,
+ { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN,
offsetof(CRMFPOPOSigningKey, signature),
SEC_ASN1_SUB(SEC_BitStringTemplate) },
{ 0 }
@@ -165,7 +164,7 @@ static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | 1,
0,
- crmfPOPOSigningKeyTemplate},
+ crmfPOPOSigningKeyTemplate },
{ 0 }
};
@@ -178,7 +177,7 @@ const SEC_ASN1Template CRMFThisMessageTemplate[] = {
const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- 0,
+ 0,
SEC_ASN1_SUB(SEC_IntegerTemplate) },
{ 0 }
};
@@ -191,51 +190,51 @@ const SEC_ASN1Template CRMFDHMACTemplate[] = {
};
const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
0,
SEC_ASN1_SUB(SEC_AnyTemplate) },
{ 0 }
};
const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3,
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3,
0,
- SEC_ASN1_SUB(SEC_AnyTemplate)},
+ SEC_ASN1_SUB(SEC_AnyTemplate) },
{ 0 }
};
const SEC_ASN1Template CRMFEncryptedValueTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue)},
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
- SEC_ASN1_XTRN | 0,
- offsetof(CRMFEncryptedValue, intendedAlg),
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+ SEC_ASN1_XTRN | 0,
+ offsetof(CRMFEncryptedValue, intendedAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
- SEC_ASN1_XTRN | 1,
- offsetof (CRMFEncryptedValue, symmAlg),
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+ SEC_ASN1_XTRN | 1,
+ offsetof(CRMFEncryptedValue, symmAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
- SEC_ASN1_XTRN | 2,
- offsetof(CRMFEncryptedValue, encSymmKey),
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_XTRN | 2,
+ offsetof(CRMFEncryptedValue, encSymmKey),
SEC_ASN1_SUB(SEC_BitStringTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
- SEC_ASN1_XTRN | 3,
- offsetof(CRMFEncryptedValue, keyAlg),
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+ SEC_ASN1_XTRN | 3,
+ offsetof(CRMFEncryptedValue, keyAlg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_XTRN | 4,
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 4,
offsetof(CRMFEncryptedValue, valueHint),
SEC_ASN1_SUB(SEC_OctetStringTemplate) },
{ SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) },
{ 0 }
};
-const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = {
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
+const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[] = {
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | 0,
0,
- CRMFEncryptedValueTemplate},
+ CRMFEncryptedValueTemplate },
{ 0 }
};
diff --git a/lib/crmf/encutil.c b/lib/crmf/encutil.c
index ffa99edcc..8ca7007b6 100644
--- a/lib/crmf/encutil.c
+++ b/lib/crmf/encutil.c
@@ -9,17 +9,17 @@
void
crmf_encoder_out(void *arg, const char *buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
+ int depth, SEC_ASN1EncodingPart data_kind)
{
struct crmfEncoderOutput *output;
- output = (struct crmfEncoderOutput*) arg;
- output->fn (output->outputArg, buf, len);
+ output = (struct crmfEncoderOutput *)arg;
+ output->fn(output->outputArg, buf, len);
}
SECStatus
cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
- const SEC_ASN1Template *inTemplate)
+ const SEC_ASN1Template *inTemplate)
{
struct crmfEncoderOutput output;
@@ -27,8 +27,7 @@ cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
if (src == NULL) {
return SECFailure;
}
- output.fn = inCallback;
+ output.fn = inCallback;
output.outputArg = inArg;
- return SEC_ASN1Encode(src, inTemplate, crmf_encoder_out, &output);
+ return SEC_ASN1Encode(src, inTemplate, crmf_encoder_out, &output);
}
-
diff --git a/lib/crmf/respcli.c b/lib/crmf/respcli.c
index 5525aaf26..aaec0136f 100644
--- a/lib/crmf/respcli.c
+++ b/lib/crmf/respcli.c
@@ -3,9 +3,8 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
/*
- * This file will contain all routines needed by a client that has
+ * This file will contain all routines needed by a client that has
* to parse a CMMFCertRepContent structure and retirieve the appropriate
* data.
*/
@@ -18,14 +17,14 @@
#include "secder.h"
#include "secasn1.h"
-CMMFCertRepContent*
-CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf,
- long len)
+CMMFCertRepContent *
+CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf,
+ long len)
{
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
CMMFCertRepContent *certRepContent;
- SECStatus rv;
- int i;
+ SECStatus rv;
+ int i;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
@@ -37,22 +36,22 @@ CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf,
}
certRepContent->poolp = poolp;
rv = SEC_ASN1Decode(poolp, certRepContent, CMMFCertRepContentTemplate,
- buf, len);
+ buf, len);
if (rv != SECSuccess) {
goto loser;
}
if (certRepContent->response != NULL) {
- for (i=0; certRepContent->response[i] != NULL; i++) {
- rv = cmmf_decode_process_cert_response(poolp, db,
- certRepContent->response[i]);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
+ for (i = 0; certRepContent->response[i] != NULL; i++) {
+ rv = cmmf_decode_process_cert_response(poolp, db,
+ certRepContent->response[i]);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ }
}
certRepContent->isDecoded = PR_TRUE;
return certRepContent;
- loser:
+loser:
PORT_FreeArena(poolp, PR_FALSE);
return NULL;
}
@@ -69,7 +68,7 @@ CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp)
PRBool
cmmf_CertRepContentIsIndexValid(CMMFCertRepContent *inCertRepContent,
- int inIndex)
+ int inIndex)
{
int numResponses;
@@ -78,27 +77,27 @@ cmmf_CertRepContentIsIndexValid(CMMFCertRepContent *inCertRepContent,
return (PRBool)(inIndex >= 0 && inIndex < numResponses);
}
-CMMFCertResponse*
+CMMFCertResponse *
CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
- int inIndex)
+ int inIndex)
{
CMMFCertResponse *certResponse;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inCertRepContent != NULL &&
- cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex));
+ cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex));
if (inCertRepContent == NULL ||
- !cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)) {
+ !cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)) {
return NULL;
}
certResponse = PORT_ZNew(CMMFCertResponse);
- if (certResponse){
- rv = cmmf_CopyCertResponse(NULL, certResponse,
- inCertRepContent->response[inIndex]);
- if (rv != SECSuccess) {
- CMMF_DestroyCertResponse(certResponse);
- certResponse = NULL;
- }
+ if (certResponse) {
+ rv = cmmf_CopyCertResponse(NULL, certResponse,
+ inCertRepContent->response[inIndex]);
+ if (rv != SECSuccess) {
+ CMMF_DestroyCertResponse(certResponse);
+ certResponse = NULL;
+ }
}
return certResponse;
}
@@ -113,27 +112,25 @@ CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp)
return cmmf_PKIStatusInfoGetStatus(&inCertResp->status);
}
-CERTCertificate*
+CERTCertificate *
CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
- CERTCertDBHandle *inCertdb)
+ CERTCertDBHandle *inCertdb)
{
PORT_Assert(inCertResp != NULL);
if (inCertResp == NULL || inCertResp->certifiedKeyPair == NULL) {
return NULL;
}
-
+
return cmmf_CertOrEncCertGetCertificate(
- &inCertResp->certifiedKeyPair->certOrEncCert, inCertdb);
-
+ &inCertResp->certifiedKeyPair->certOrEncCert, inCertdb);
}
-CERTCertList*
-CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent)
+CERTCertList *
+CMMF_CertRepContentGetCAPubs(CMMFCertRepContent *inCertRepContent)
{
- PORT_Assert (inCertRepContent != NULL);
+ PORT_Assert(inCertRepContent != NULL);
if (inCertRepContent == NULL || inCertRepContent->caPubs == NULL) {
return NULL;
}
return cmmf_MakeCertList(inCertRepContent->caPubs);
}
-
diff --git a/lib/crmf/respcmn.c b/lib/crmf/respcmn.c
index 1353d367e..3f5f15ace 100644
--- a/lib/crmf/respcmn.c
+++ b/lib/crmf/respcmn.c
@@ -8,8 +8,8 @@
#include "secitem.h"
#include "secder.h"
-SECStatus
-cmmf_DestroyPKIStatusInfo (CMMFPKIStatusInfo *info, PRBool freeit)
+SECStatus
+cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, PRBool freeit)
{
if (info->status.data != NULL) {
PORT_Free(info->status.data);
@@ -35,13 +35,13 @@ CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp)
PORT_Assert(inCertResp != NULL);
if (inCertResp != NULL) {
if (inCertResp->certReqId.data != NULL) {
- PORT_Free(inCertResp->certReqId.data);
- }
- cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE);
- if (inCertResp->certifiedKeyPair != NULL) {
- CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair);
- }
- PORT_Free(inCertResp);
+ PORT_Free(inCertResp->certReqId.data);
+ }
+ cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE);
+ if (inCertResp->certifiedKeyPair != NULL) {
+ CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair);
+ }
+ PORT_Free(inCertResp);
}
return SECSuccess;
}
@@ -51,32 +51,31 @@ CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
{
PORT_Assert(inCertRepContent != NULL);
if (inCertRepContent != NULL) {
- CMMFCertResponse **pResponse = inCertRepContent->response;
+ CMMFCertResponse **pResponse = inCertRepContent->response;
if (pResponse != NULL) {
for (; *pResponse != NULL; pResponse++) {
- CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair;
- /* XXX Why not call CMMF_DestroyCertifiedKeyPair or
- ** XXX cmmf_DestroyCertOrEncCert ?
- */
- if (certKeyPair != NULL &&
+ CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair;
+ /* XXX Why not call CMMF_DestroyCertifiedKeyPair or
+ ** XXX cmmf_DestroyCertOrEncCert ?
+ */
+ if (certKeyPair != NULL &&
certKeyPair->certOrEncCert.choice == cmmfCertificate &&
certKeyPair->certOrEncCert.cert.certificate != NULL) {
- CERT_DestroyCertificate
- (certKeyPair->certOrEncCert.cert.certificate);
- certKeyPair->certOrEncCert.cert.certificate = NULL;
+ CERT_DestroyCertificate(certKeyPair->certOrEncCert.cert.certificate);
+ certKeyPair->certOrEncCert.cert.certificate = NULL;
}
}
}
- if (inCertRepContent->caPubs) {
- CERTCertificate **caPubs = inCertRepContent->caPubs;
- for (; *caPubs; ++caPubs) {
- CERT_DestroyCertificate(*caPubs);
- *caPubs = NULL;
- }
- }
- if (inCertRepContent->poolp != NULL) {
- PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
- }
+ if (inCertRepContent->caPubs) {
+ CERTCertificate **caPubs = inCertRepContent->caPubs;
+ for (; *caPubs; ++caPubs) {
+ CERT_DestroyCertificate(*caPubs);
+ *caPubs = NULL;
+ }
+ }
+ if (inCertRepContent->poolp != NULL) {
+ PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
+ }
}
return SECSuccess;
}
@@ -94,73 +93,73 @@ CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont)
SECStatus
crmf_create_prtime(SECItem *src, PRTime **dest)
{
- *dest = PORT_ZNew(PRTime);
+ *dest = PORT_ZNew(PRTime);
return DER_DecodeTimeChoice(*dest, src);
}
-CRMFCertExtension*
+CRMFCertExtension *
crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension)
{
- PRBool isCritical;
- SECOidTag id;
- SECItem *data;
+ PRBool isCritical;
+ SECOidTag id;
+ SECItem *data;
CRMFCertExtension *newExt;
PORT_Assert(inExtension != NULL);
if (inExtension == NULL) {
return NULL;
}
- id = CRMF_CertExtensionGetOidTag(inExtension);
+ id = CRMF_CertExtensionGetOidTag(inExtension);
isCritical = CRMF_CertExtensionGetIsCritical(inExtension);
- data = CRMF_CertExtensionGetValue(inExtension);
- newExt = crmf_create_cert_extension(poolp, id,
- isCritical,
- data);
+ data = CRMF_CertExtensionGetValue(inExtension);
+ newExt = crmf_create_cert_extension(poolp, id,
+ isCritical,
+ data);
SECITEM_FreeItem(data, PR_TRUE);
- return newExt;
+ return newExt;
}
-static SECItem*
+static SECItem *
cmmf_encode_certificate(CERTCertificate *inCert)
{
- return SEC_ASN1EncodeItem(NULL, NULL, inCert,
- SEC_ASN1_GET(SEC_SignedCertificateTemplate));
+ return SEC_ASN1EncodeItem(NULL, NULL, inCert,
+ SEC_ASN1_GET(SEC_SignedCertificateTemplate));
}
-CERTCertList*
+CERTCertList *
cmmf_MakeCertList(CERTCertificate **inCerts)
{
- CERTCertList *certList;
+ CERTCertList *certList;
CERTCertificate *currCert;
- SECItem *derCert, *freeCert = NULL;
- SECStatus rv;
- int i;
+ SECItem *derCert, *freeCert = NULL;
+ SECStatus rv;
+ int i;
certList = CERT_NewCertList();
if (certList == NULL) {
return NULL;
}
- for (i=0; inCerts[i] != NULL; i++) {
+ for (i = 0; inCerts[i] != NULL; i++) {
derCert = &inCerts[i]->derCert;
- if (derCert->data == NULL) {
- derCert = freeCert = cmmf_encode_certificate(inCerts[i]);
- }
- currCert=CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- derCert, NULL, PR_FALSE, PR_TRUE);
- if (freeCert != NULL) {
- SECITEM_FreeItem(freeCert, PR_TRUE);
- freeCert = NULL;
- }
- if (currCert == NULL) {
- goto loser;
- }
- rv = CERT_AddCertToListTail(certList, currCert);
- if (rv != SECSuccess) {
- goto loser;
- }
+ if (derCert->data == NULL) {
+ derCert = freeCert = cmmf_encode_certificate(inCerts[i]);
+ }
+ currCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ derCert, NULL, PR_FALSE, PR_TRUE);
+ if (freeCert != NULL) {
+ SECITEM_FreeItem(freeCert, PR_TRUE);
+ freeCert = NULL;
+ }
+ if (currCert == NULL) {
+ goto loser;
+ }
+ rv = CERT_AddCertToListTail(certList, currCert);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
return certList;
- loser:
+loser:
CERT_DestroyCertList(certList);
return NULL;
}
@@ -181,31 +180,30 @@ int
CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent)
{
int numResponses = 0;
- PORT_Assert (inCertRepContent != NULL);
+ PORT_Assert(inCertRepContent != NULL);
if (inCertRepContent != NULL && inCertRepContent->response != NULL) {
while (inCertRepContent->response[numResponses] != NULL) {
- numResponses++;
- }
+ numResponses++;
+ }
}
return numResponses;
}
-
SECStatus
cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit)
{
switch (certOrEncCert->choice) {
- case cmmfCertificate:
- CERT_DestroyCertificate(certOrEncCert->cert.certificate);
- certOrEncCert->cert.certificate = NULL;
- break;
- case cmmfEncryptedCert:
- crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert,
- PR_TRUE);
- certOrEncCert->cert.encryptedCert = NULL;
- break;
- default:
- break;
+ case cmmfCertificate:
+ CERT_DestroyCertificate(certOrEncCert->cert.certificate);
+ certOrEncCert->cert.certificate = NULL;
+ break;
+ case cmmfEncryptedCert:
+ crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert,
+ PR_TRUE);
+ certOrEncCert->cert.encryptedCert = NULL;
+ break;
+ default:
+ break;
}
if (freeit) {
PORT_Free(certOrEncCert);
@@ -214,16 +212,17 @@ cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit)
}
SECStatus
-cmmf_copy_secitem (PLArenaPool *poolp, SECItem *dest, SECItem *src)
+cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
{
SECStatus rv;
if (src->data != NULL) {
rv = SECITEM_CopyItem(poolp, dest, src);
- } else {
+ }
+ else {
dest->data = NULL;
- dest->len = 0;
- rv = SECSuccess;
+ dest->len = 0;
+ rv = SECSuccess;
}
return rv;
}
@@ -246,161 +245,159 @@ CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair)
}
SECStatus
-cmmf_CopyCertResponse(PLArenaPool *poolp,
- CMMFCertResponse *dest,
- CMMFCertResponse *src)
+cmmf_CopyCertResponse(PLArenaPool *poolp,
+ CMMFCertResponse *dest,
+ CMMFCertResponse *src)
{
SECStatus rv;
if (src->certReqId.data != NULL) {
rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
- if (rv != SECSuccess) {
- return rv;
- }
+ if (rv != SECSuccess) {
+ return rv;
+ }
}
rv = cmmf_CopyPKIStatusInfo(poolp, &dest->status, &src->status);
if (rv != SECSuccess) {
return rv;
}
if (src->certifiedKeyPair != NULL) {
- CMMFCertifiedKeyPair *destKeyPair;
-
- destKeyPair = (poolp == NULL) ? PORT_ZNew(CMMFCertifiedKeyPair) :
- PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
- if (!destKeyPair) {
- return SECFailure;
- }
- rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair,
- src->certifiedKeyPair);
- if (rv != SECSuccess) {
- if (!poolp) {
- CMMF_DestroyCertifiedKeyPair(destKeyPair);
- }
- return rv;
- }
- dest->certifiedKeyPair = destKeyPair;
+ CMMFCertifiedKeyPair *destKeyPair;
+
+ destKeyPair = (poolp == NULL) ? PORT_ZNew(CMMFCertifiedKeyPair) :
+ PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
+ if (!destKeyPair) {
+ return SECFailure;
+ }
+ rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair,
+ src->certifiedKeyPair);
+ if (rv != SECSuccess) {
+ if (!poolp) {
+ CMMF_DestroyCertifiedKeyPair(destKeyPair);
+ }
+ return rv;
+ }
+ dest->certifiedKeyPair = destKeyPair;
}
return SECSuccess;
}
static SECStatus
cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
- CMMFCertOrEncCert *src)
+ CMMFCertOrEncCert *src)
{
- SECStatus rv = SECSuccess;
+ SECStatus rv = SECSuccess;
CRMFEncryptedValue *encVal;
dest->choice = src->choice;
rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
switch (src->choice) {
- case cmmfCertificate:
- dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
- break;
- case cmmfEncryptedCert:
- encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
- PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (encVal == NULL) {
- return SECFailure;
- }
- rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
- if (rv != SECSuccess) {
- if (!poolp) {
- crmf_destroy_encrypted_value(encVal, PR_TRUE);
- }
- return rv;
- }
- dest->cert.encryptedCert = encVal;
- break;
- default:
- rv = SECFailure;
+ case cmmfCertificate:
+ dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
+ break;
+ case cmmfEncryptedCert:
+ encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
+ PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+ if (encVal == NULL) {
+ return SECFailure;
+ }
+ rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
+ if (rv != SECSuccess) {
+ if (!poolp) {
+ crmf_destroy_encrypted_value(encVal, PR_TRUE);
+ }
+ return rv;
+ }
+ dest->cert.encryptedCert = encVal;
+ break;
+ default:
+ rv = SECFailure;
}
return rv;
}
SECStatus
cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
- CMMFCertifiedKeyPair *src)
+ CMMFCertifiedKeyPair *src)
{
SECStatus rv;
- rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
- &src->certOrEncCert);
+ rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
+ &src->certOrEncCert);
if (rv != SECSuccess) {
return rv;
}
if (src->privateKey != NULL) {
- CRMFEncryptedValue *encVal;
-
- encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
- PORT_ArenaZNew(poolp, CRMFEncryptedValue);
- if (encVal == NULL) {
- return SECFailure;
- }
- rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
- encVal);
- if (rv != SECSuccess) {
- if (!poolp) {
- crmf_destroy_encrypted_value(encVal, PR_TRUE);
- }
- return rv;
- }
- dest->privateKey = encVal;
+ CRMFEncryptedValue *encVal;
+
+ encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
+ PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+ if (encVal == NULL) {
+ return SECFailure;
+ }
+ rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
+ encVal);
+ if (rv != SECSuccess) {
+ if (!poolp) {
+ crmf_destroy_encrypted_value(encVal, PR_TRUE);
+ }
+ return rv;
+ }
+ dest->privateKey = encVal;
}
- rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
- &src->derPublicationInfo);
+ rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
+ &src->derPublicationInfo);
return rv;
}
SECStatus
cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest,
- CMMFPKIStatusInfo *src)
+ CMMFPKIStatusInfo *src)
{
SECStatus rv;
- rv = cmmf_copy_secitem (poolp, &dest->status, &src->status);
+ rv = cmmf_copy_secitem(poolp, &dest->status, &src->status);
if (rv != SECSuccess) {
return rv;
}
- rv = cmmf_copy_secitem (poolp, &dest->statusString, &src->statusString);
+ rv = cmmf_copy_secitem(poolp, &dest->statusString, &src->statusString);
if (rv != SECSuccess) {
return rv;
}
- rv = cmmf_copy_secitem (poolp, &dest->failInfo, &src->failInfo);
+ rv = cmmf_copy_secitem(poolp, &dest->failInfo, &src->failInfo);
return rv;
}
-CERTCertificate*
+CERTCertificate *
cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
- CERTCertDBHandle *certdb)
+ CERTCertDBHandle *certdb)
{
- if (certOrEncCert->choice != cmmfCertificate ||
- certOrEncCert->cert.certificate == NULL) {
+ if (certOrEncCert->choice != cmmfCertificate ||
+ certOrEncCert->cert.certificate == NULL) {
return NULL;
}
return CERT_NewTempCertificate(certdb,
- &certOrEncCert->cert.certificate->derCert,
- NULL, PR_FALSE, PR_TRUE);
+ &certOrEncCert->cert.certificate->derCert,
+ NULL, PR_FALSE, PR_TRUE);
}
-SECStatus
-cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
- PLArenaPool *poolp,
- CMMFPKIStatus inStatus)
+SECStatus
+cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
+ PLArenaPool *poolp,
+ CMMFPKIStatus inStatus)
{
SECItem *dummy;
-
- if (inStatus <cmmfGranted || inStatus >= cmmfNumPKIStatus) {
+
+ if (inStatus < cmmfGranted || inStatus >= cmmfNumPKIStatus) {
return SECFailure;
}
- dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus);
+ dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus);
PORT_Assert(dummy == &statusInfo->status);
if (dummy != &statusInfo->status) {
SECITEM_FreeItem(dummy, PR_TRUE);
- return SECFailure;
+ return SECFailure;
}
return SECSuccess;
}
-
-
diff --git a/lib/crmf/servget.c b/lib/crmf/servget.c
index d19c8290f..c36abfe23 100644
--- a/lib/crmf/servget.c
+++ b/lib/crmf/servget.c
@@ -3,7 +3,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include "cmmf.h"
#include "cmmfi.h"
#include "secitem.h"
@@ -20,15 +19,15 @@ CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
return inEncrKey->encKeyChoice;
}
-CRMFEncryptedValue*
+CRMFEncryptedValue *
CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
{
CRMFEncryptedValue *newEncrValue = NULL;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inEncrKey != NULL);
if (inEncrKey == NULL ||
- CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
+ CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
goto loser;
}
newEncrValue = PORT_ZNew(CRMFEncryptedValue);
@@ -36,24 +35,24 @@ CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
goto loser;
}
rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
- newEncrValue);
+ newEncrValue);
if (rv != SECSuccess) {
goto loser;
}
return newEncrValue;
- loser:
+loser:
if (newEncrValue != NULL) {
CRMF_DestroyEncryptedValue(newEncrValue);
}
return NULL;
}
-static SECItem*
+static SECItem *
crmf_get_encvalue_bitstring(SECItem *srcItem)
{
- SECItem *newItem = NULL;
+ SECItem *newItem = NULL;
SECStatus rv;
-
+
if (srcItem->data == NULL) {
return NULL;
}
@@ -66,14 +65,14 @@ crmf_get_encvalue_bitstring(SECItem *srcItem)
goto loser;
}
return newItem;
- loser:
+loser:
if (newItem != NULL) {
SECITEM_FreeItem(newItem, PR_TRUE);
}
return NULL;
}
-SECItem*
+SECItem *
CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
@@ -82,7 +81,7 @@ CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
}
-SECItem*
+SECItem *
CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
{
if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
@@ -91,12 +90,12 @@ CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
}
-static SECAlgorithmID*
+static SECAlgorithmID *
crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
{
- SECStatus rv;
+ SECStatus rv;
SECAlgorithmID *newAlgID;
-
+
if (srcAlg == NULL) {
return NULL;
}
@@ -107,7 +106,7 @@ crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
return newAlgID;
}
-SECAlgorithmID*
+SECAlgorithmID *
CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
@@ -116,7 +115,7 @@ CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
return crmf_get_encvalue_algid(inEncValue->intendedAlg);
}
-SECAlgorithmID*
+SECAlgorithmID *
CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
@@ -125,7 +124,7 @@ CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
return crmf_get_encvalue_algid(inEncValue->keyAlg);
}
-SECAlgorithmID*
+SECAlgorithmID *
CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
@@ -134,7 +133,7 @@ CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
return crmf_get_encvalue_algid(inEncValue->symmAlg);
}
-SECItem*
+SECItem *
CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
@@ -144,28 +143,28 @@ CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
}
SECStatus
-CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
- PRBool *destVal)
+CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
+ PRBool *destVal)
{
if (inOpt == NULL || destVal == NULL ||
- CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey){
+ CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey) {
return SECFailure;
}
- *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
- ? PR_FALSE:
- PR_TRUE;
+ *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
+ ? PR_FALSE
+ : PR_TRUE;
return SECSuccess;
}
-
-CRMFEncryptedKey*
+
+CRMFEncryptedKey *
CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
{
CRMFEncryptedKey *newEncrKey = NULL;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inOpts != NULL);
if (inOpts == NULL ||
- CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey){
+ CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey) {
return NULL;
}
newEncrKey = PORT_ZNew(CRMFEncryptedKey);
@@ -173,24 +172,24 @@ CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
goto loser;
}
rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
- newEncrKey);
+ newEncrKey);
if (rv != SECSuccess) {
goto loser;
}
return newEncrKey;
- loser:
+loser:
if (newEncrKey != NULL) {
CRMF_DestroyEncryptedKey(newEncrKey);
}
return NULL;
}
-SECItem*
+SECItem *
CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
{
if (inOptions == NULL ||
- CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
- inOptions->option.keyGenParameters.data == NULL) {
+ CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
+ inOptions->option.keyGenParameters.data == NULL) {
return NULL;
}
return SECITEM_DupItem(&inOptions->option.keyGenParameters);
@@ -199,7 +198,7 @@ CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
CRMFPKIArchiveOptionsType
CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
{
- PORT_Assert (inOptions != NULL);
+ PORT_Assert(inOptions != NULL);
if (inOptions == NULL) {
return crmfNoArchiveOptions;
}
@@ -214,30 +213,30 @@ crmf_extract_long_from_item(SECItem *intItem, long *destLong)
}
SECStatus
-CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
- CRMFSubseqMessOptions *destOpt)
+CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
+ CRMFSubseqMessOptions *destOpt)
{
- long value;
+ long value;
SECStatus rv;
PORT_Assert(inKey != NULL);
if (inKey == NULL ||
- inKey->messageChoice != crmfSubsequentMessage) {
+ inKey->messageChoice != crmfSubsequentMessage) {
return SECFailure;
}
- rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage,&value);
+ rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage, &value);
if (rv != SECSuccess) {
return SECFailure;
}
switch (value) {
- case 0:
- *destOpt = crmfEncrCert;
- break;
- case 1:
- *destOpt = crmfChallengeResp;
- break;
- default:
- rv = SECFailure;
+ case 0:
+ *destOpt = crmfEncrCert;
+ break;
+ case 1:
+ *destOpt = crmfChallengeResp;
+ break;
+ default:
+ rv = SECFailure;
}
if (rv != SECSuccess) {
return rv;
@@ -266,24 +265,24 @@ CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
}
SECStatus
-CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
- SECItem *destString)
+CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
+ SECItem *destString)
{
PORT_Assert(inKey != NULL);
- if (inKey == NULL ||
- inKey->messageChoice != crmfThisMessage) {
+ if (inKey == NULL ||
+ inKey->messageChoice != crmfThisMessage) {
return SECFailure;
}
- return crmf_make_bitstring_copy(NULL, destString,
- &inKey->message.thisMessage);
+ return crmf_make_bitstring_copy(NULL, destString,
+ &inKey->message.thisMessage);
}
-SECAlgorithmID*
+SECAlgorithmID *
CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
{
SECAlgorithmID *newAlgId = NULL;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
@@ -293,21 +292,21 @@ CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
if (newAlgId == NULL) {
goto loser;
}
- rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
- inSignKey->algorithmIdentifier);
+ rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
+ inSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
return newAlgId;
- loser:
+loser:
if (newAlgId != NULL) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return NULL;
}
-SECItem*
+SECItem *
CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
{
PORT_Assert(inSignKey != NULL);
@@ -317,11 +316,11 @@ CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
return SECITEM_DupItem(&inSignKey->derInput);
}
-SECItem*
+SECItem *
CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
{
- SECItem *newSig = NULL;
- SECStatus rv;
+ SECItem *newSig = NULL;
+ SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
@@ -336,47 +335,48 @@ CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
goto loser;
}
return newSig;
- loser:
+loser:
if (newSig != NULL) {
SECITEM_FreeItem(newSig, PR_TRUE);
}
return NULL;
}
-static SECStatus
-crmf_copy_poposigningkey(PLArenaPool *poolp,
- CRMFPOPOSigningKey *inPopoSignKey,
- CRMFPOPOSigningKey *destPopoSignKey)
+static SECStatus
+crmf_copy_poposigningkey(PLArenaPool *poolp,
+ CRMFPOPOSigningKey *inPopoSignKey,
+ CRMFPOPOSigningKey *destPopoSignKey)
{
SECStatus rv;
- /* We don't support use of the POPOSigningKeyInput, so we'll only
+ /* We don't support use of the POPOSigningKeyInput, so we'll only
* store away the DER encoding.
*/
if (inPopoSignKey->derInput.data != NULL) {
- rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
- &inPopoSignKey->derInput);
+ rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
+ &inPopoSignKey->derInput);
}
- destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
- PORT_ZNew(SECAlgorithmID) :
- PORT_ArenaZNew(poolp, SECAlgorithmID);
+ destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
+ PORT_ZNew(SECAlgorithmID)
+ :
+ PORT_ArenaZNew(poolp, SECAlgorithmID);
if (destPopoSignKey->algorithmIdentifier == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
- inPopoSignKey->algorithmIdentifier);
+ inPopoSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
-
- rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
- &inPopoSignKey->signature);
+
+ rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
+ &inPopoSignKey->signature);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
- loser:
+loser:
if (poolp == NULL) {
CRMF_DestroyPOPOSigningKey(destPopoSignKey);
}
@@ -384,28 +384,28 @@ crmf_copy_poposigningkey(PLArenaPool *poolp,
}
static SECStatus
-crmf_copy_popoprivkey(PLArenaPool *poolp,
- CRMFPOPOPrivKey *srcPrivKey,
- CRMFPOPOPrivKey *destPrivKey)
+crmf_copy_popoprivkey(PLArenaPool *poolp,
+ CRMFPOPOPrivKey *srcPrivKey,
+ CRMFPOPOPrivKey *destPrivKey)
{
- SECStatus rv;
+ SECStatus rv;
destPrivKey->messageChoice = srcPrivKey->messageChoice;
switch (destPrivKey->messageChoice) {
- case crmfThisMessage:
- case crmfDHMAC:
- /* I've got a union, so taking the address of one, will also give
- * me a pointer to the other (eg, message.dhMAC)
- */
- rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
- &srcPrivKey->message.thisMessage);
- break;
- case crmfSubsequentMessage:
- rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
- &srcPrivKey->message.subsequentMessage);
- break;
- default:
- rv = SECFailure;
+ case crmfThisMessage:
+ case crmfDHMAC:
+ /* I've got a union, so taking the address of one, will also give
+ * me a pointer to the other (eg, message.dhMAC)
+ */
+ rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
+ &srcPrivKey->message.thisMessage);
+ break;
+ case crmfSubsequentMessage:
+ rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
+ &srcPrivKey->message.subsequentMessage);
+ break;
+ default:
+ rv = SECFailure;
}
if (rv != SECSuccess && poolp == NULL) {
@@ -414,13 +414,13 @@ crmf_copy_popoprivkey(PLArenaPool *poolp,
return rv;
}
-static CRMFProofOfPossession*
+static CRMFProofOfPossession *
crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
{
CRMFProofOfPossession *newPOP;
- SECStatus rv;
+ SECStatus rv;
- /*
+ /*
* Proof Of Possession structures are always part of the Request
* message, so there will always be an arena for allocating memory.
*/
@@ -432,43 +432,43 @@ crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
return NULL;
}
switch (srcPOP->popUsed) {
- case crmfRAVerified:
- newPOP->popChoice.raVerified.data = NULL;
- newPOP->popChoice.raVerified.len = 0;
- break;
- case crmfSignature:
- rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
- &newPOP->popChoice.signature);
- if (rv != SECSuccess) {
- goto loser;
- }
- break;
- case crmfKeyEncipherment:
- case crmfKeyAgreement:
- /* We've got a union, so a pointer to one, is a pointer to the
- * other one.
- */
- rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
- &newPOP->popChoice.keyEncipherment);
- if (rv != SECSuccess) {
- goto loser;
- }
- break;
- default:
- goto loser;
+ case crmfRAVerified:
+ newPOP->popChoice.raVerified.data = NULL;
+ newPOP->popChoice.raVerified.len = 0;
+ break;
+ case crmfSignature:
+ rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
+ &newPOP->popChoice.signature);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ break;
+ case crmfKeyEncipherment:
+ case crmfKeyAgreement:
+ /* We've got a union, so a pointer to one, is a pointer to the
+ * other one.
+ */
+ rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
+ &newPOP->popChoice.keyEncipherment);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ break;
+ default:
+ goto loser;
}
newPOP->popUsed = srcPOP->popUsed;
return newPOP;
- loser:
+loser:
return NULL;
}
-static CRMFCertReqMsg*
+static CRMFCertReqMsg *
crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
{
CRMFCertReqMsg *newReqMsg;
- PLArenaPool *poolp;
+ PLArenaPool *poolp;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
@@ -494,16 +494,16 @@ crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
*/
return newReqMsg;
- loser:
+loser:
if (newReqMsg != NULL) {
CRMF_DestroyCertReqMsg(newReqMsg);
}
return NULL;
}
-CRMFCertReqMsg*
+CRMFCertReqMsg *
CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
- int index)
+ int index)
{
int numMsgs;
@@ -533,10 +533,10 @@ CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
return numMessages;
}
-CRMFCertRequest*
+CRMFCertRequest *
CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
{
- PLArenaPool *poolp = NULL;
+ PLArenaPool *poolp = NULL;
CRMFCertRequest *newCertReq = NULL;
PORT_Assert(inCertReqMsg != NULL);
@@ -551,7 +551,7 @@ CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
}
newCertReq->poolp = poolp;
return newCertReq;
- loser:
+loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
@@ -565,17 +565,17 @@ CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
return SECFailure;
}
- return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
- destID);
+ return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
+ destID);
}
SECStatus
-CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey)
+CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey **destKey)
{
PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
if (inCertReqMsg == NULL || destKey == NULL ||
- CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
+ CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOPrivKey);
@@ -583,38 +583,39 @@ CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
return SECFailure;
}
return crmf_copy_popoprivkey(NULL,
- &inCertReqMsg->pop->popChoice.keyAgreement,
- *destKey);
+ &inCertReqMsg->pop->popChoice.keyAgreement,
+ *destKey);
}
SECStatus
-CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey **destKey)
+CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey **destKey)
{
PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
if (inCertReqMsg == NULL || destKey == NULL ||
- CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
+ CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOPrivKey);
if (*destKey == NULL) {
- return SECFailure;
+ return SECFailure;
}
return crmf_copy_popoprivkey(NULL,
- &inCertReqMsg->pop->popChoice.keyEncipherment,
- *destKey);
+ &inCertReqMsg->pop->popChoice.keyEncipherment,
+ *destKey);
}
SECStatus
-CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKey **destKey)
+CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOSigningKey **destKey)
{
CRMFProofOfPossession *pop;
PORT_Assert(inCertReqMsg != NULL);
- if (inCertReqMsg == NULL) {
+ if (inCertReqMsg == NULL) {
return SECFailure;
}
- pop = inCertReqMsg->pop;;
+ pop = inCertReqMsg->pop;
+ ;
if (pop->popUsed != crmfSignature) {
return SECFailure;
}
@@ -622,50 +623,51 @@ CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
if (*destKey == NULL) {
return SECFailure;
}
- return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
+ return crmf_copy_poposigningkey(NULL, &pop->popChoice.signature, *destKey);
}
static SECStatus
crmf_copy_name(CERTName *destName, CERTName *srcName)
{
- PLArenaPool *poolp = NULL;
- SECStatus rv;
+ PLArenaPool *poolp = NULL;
+ SECStatus rv;
- if (destName->arena != NULL) {
- poolp = destName->arena;
- } else {
- poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
- }
- if (poolp == NULL) {
- return SECFailure;
- }
- /* Need to do this so that CERT_CopyName doesn't free out
- * the arena from underneath us.
- */
- destName->arena = NULL;
- rv = CERT_CopyName(poolp, destName, srcName);
- destName->arena = poolp;
- return rv;
+ if (destName->arena != NULL) {
+ poolp = destName->arena;
+ }
+ else {
+ poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+ }
+ if (poolp == NULL) {
+ return SECFailure;
+ }
+ /* Need to do this so that CERT_CopyName doesn't free out
+ * the arena from underneath us.
+ */
+ destName->arena = NULL;
+ rv = CERT_CopyName(poolp, destName, srcName);
+ destName->arena = poolp;
+ return rv;
}
SECStatus
CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
- CERTName *destIssuer)
+ CERTName *destIssuer)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
- return crmf_copy_name(destIssuer,
- inCertReq->certTemplate.issuer);
+ return crmf_copy_name(destIssuer,
+ inCertReq->certTemplate.issuer);
}
return SECFailure;
}
-SECStatus
+SECStatus
CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
- SECItem *destIssuerUID)
+ SECItem *destIssuerUID)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
@@ -673,146 +675,145 @@ CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
return crmf_make_bitstring_copy(NULL, destIssuerUID,
- &inCertReq->certTemplate.issuerUID);
+ &inCertReq->certTemplate.issuerUID);
}
return SECFailure;
}
SECStatus
-CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
- CERTSubjectPublicKeyInfo *destPublicKey)
+CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
+ CERTSubjectPublicKeyInfo *destPublicKey)
{
- PORT_Assert (inCertReq != NULL);
+ PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
- inCertReq->certTemplate.publicKey);
+ inCertReq->certTemplate.publicKey);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
- long *serialNumber)
+ long *serialNumber)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
- return
- crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
- serialNumber);
+ return crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
+ serialNumber);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
- SECAlgorithmID *destAlg)
+ SECAlgorithmID *destAlg)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
- return SECOID_CopyAlgorithmID(NULL, destAlg,
- inCertReq->certTemplate.signingAlg);
+ return SECOID_CopyAlgorithmID(NULL, destAlg,
+ inCertReq->certTemplate.signingAlg);
}
return SECFailure;
}
-SECStatus
+SECStatus
CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
- CERTName *destSubject)
+ CERTName *destSubject)
{
- PORT_Assert(inCertReq != NULL);
- if (inCertReq == NULL) {
- return SECFailure;
- }
- if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
- return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
- }
- return SECFailure;
+ PORT_Assert(inCertReq != NULL);
+ if (inCertReq == NULL) {
+ return SECFailure;
+ }
+ if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
+ return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
+ }
+ return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
- SECItem *destSubjectUID)
+ SECItem *destSubjectUID)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
- return crmf_make_bitstring_copy(NULL, destSubjectUID,
- &inCertReq->certTemplate.subjectUID);
+ return crmf_make_bitstring_copy(NULL, destSubjectUID,
+ &inCertReq->certTemplate.subjectUID);
}
return SECFailure;
}
-SECStatus
-CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
- long *version)
+SECStatus
+CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
+ long *version)
{
- PORT_Assert (inCertReq != NULL);
+ PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
- version);
- }
+ version);
+ }
return SECFailure;
}
static SECStatus
-crmf_copy_validity(CRMFGetValidity *destValidity,
- CRMFOptionalValidity *src)
+crmf_copy_validity(CRMFGetValidity *destValidity,
+ CRMFOptionalValidity *src)
{
SECStatus rv;
-
+
destValidity->notBefore = destValidity->notAfter = NULL;
if (src->notBefore.data != NULL) {
- rv = crmf_create_prtime(&src->notBefore,
- &destValidity->notBefore);
- if (rv != SECSuccess) {
- return rv;
- }
+ rv = crmf_create_prtime(&src->notBefore,
+ &destValidity->notBefore);
+ if (rv != SECSuccess) {
+ return rv;
+ }
}
if (src->notAfter.data != NULL) {
rv = crmf_create_prtime(&src->notAfter,
- &destValidity->notAfter);
- if (rv != SECSuccess) {
- return rv;
- }
+ &destValidity->notAfter);
+ if (rv != SECSuccess) {
+ return rv;
+ }
}
return SECSuccess;
}
-SECStatus
+SECStatus
CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
- CRMFGetValidity *destValidity)
+ CRMFGetValidity *destValidity)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
- return crmf_copy_validity(destValidity,
- inCertReq->certTemplate.validity);
+ return crmf_copy_validity(destValidity,
+ inCertReq->certTemplate.validity);
}
return SECFailure;
}
-CRMFControl*
+CRMFControl *
CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
{
CRMFControl *newControl, *srcControl;
- int numControls;
- SECStatus rv;
+ int numControls;
+ SECStatus rv;
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
@@ -828,63 +829,63 @@ CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
}
srcControl = inCertReq->controls[index];
newControl->tag = srcControl->tag;
- rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag);
+ rv = SECITEM_CopyItem(NULL, &newControl->derTag, &srcControl->derTag);
if (rv != SECSuccess) {
goto loser;
}
- rv = SECITEM_CopyItem(NULL, &newControl->derValue,
- &srcControl->derValue);
+ rv = SECITEM_CopyItem(NULL, &newControl->derValue,
+ &srcControl->derValue);
if (rv != SECSuccess) {
goto loser;
}
/* Copy over the PKIArchiveOptions stuff */
switch (srcControl->tag) {
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- /* No further processing necessary for these types. */
- rv = SECSuccess;
- break;
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- /* These aren't supported yet, so no post-processing will
- * be done at this time. But we don't want to fail in case
- * we read in DER that has one of these options.
- */
- rv = SECSuccess;
- break;
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- rv = crmf_copy_pkiarchiveoptions(NULL,
- &newControl->value.archiveOptions,
- &srcControl->value.archiveOptions);
- break;
- default:
- rv = SECFailure;
+ case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+ case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+ /* No further processing necessary for these types. */
+ rv = SECSuccess;
+ break;
+ case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+ case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+ case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+ /* These aren't supported yet, so no post-processing will
+ * be done at this time. But we don't want to fail in case
+ * we read in DER that has one of these options.
+ */
+ rv = SECSuccess;
+ break;
+ case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+ rv = crmf_copy_pkiarchiveoptions(NULL,
+ &newControl->value.archiveOptions,
+ &srcControl->value.archiveOptions);
+ break;
+ default:
+ rv = SECFailure;
}
if (rv != SECSuccess) {
goto loser;
}
return newControl;
- loser:
+loser:
if (newControl != NULL) {
CRMF_DestroyControl(newControl);
}
return NULL;
}
-static SECItem*
+static SECItem *
crmf_copy_control_value(CRMFControl *inControl)
{
return SECITEM_DupItem(&inControl->derValue);
}
-SECItem*
+SECItem *
CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
{
- PORT_Assert (inControl!= NULL);
+ PORT_Assert(inControl != NULL);
if (inControl == NULL ||
- CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
+ CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
return NULL;
}
return crmf_copy_control_value(inControl);
@@ -897,31 +898,31 @@ CRMF_ControlGetControlType(CRMFControl *inControl)
PORT_Assert(inControl != NULL);
switch (inControl->tag) {
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- retType = crmfRegTokenControl;
- break;
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- retType = crmfAuthenticatorControl;
- break;
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- retType = crmfPKIPublicationInfoControl;
- break;
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- retType = crmfPKIArchiveOptionsControl;
- break;
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- retType = crmfOldCertIDControl;
- break;
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- retType = crmfProtocolEncrKeyControl;
- break;
- default:
- retType = crmfNoControl;
+ case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+ retType = crmfRegTokenControl;
+ break;
+ case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+ retType = crmfAuthenticatorControl;
+ break;
+ case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+ retType = crmfPKIPublicationInfoControl;
+ break;
+ case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+ retType = crmfPKIArchiveOptionsControl;
+ break;
+ case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+ retType = crmfOldCertIDControl;
+ break;
+ case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+ retType = crmfProtocolEncrKeyControl;
+ break;
+ default:
+ retType = crmfNoControl;
}
return retType;
}
-CRMFPKIArchiveOptions*
+CRMFPKIArchiveOptions *
CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
{
CRMFPKIArchiveOptions *newOpt = NULL;
@@ -929,40 +930,41 @@ CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
PORT_Assert(inControl != NULL);
if (inControl == NULL ||
- CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){
+ CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl) {
goto loser;
}
newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
if (newOpt == NULL) {
goto loser;
}
- rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
- &inControl->value.archiveOptions);
+ rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
+ &inControl->value.archiveOptions);
if (rv != SECSuccess) {
goto loser;
}
- loser:
+loser:
if (newOpt != NULL) {
CRMF_DestroyPKIArchiveOptions(newOpt);
}
return NULL;
}
-SECItem*
+SECItem *
CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
{
PORT_Assert(inControl != NULL);
if (inControl == NULL ||
- CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
+ CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
return NULL;
}
- return crmf_copy_control_value(inControl);;
+ return crmf_copy_control_value(inControl);
+ ;
}
-CRMFCertExtension*
+CRMFCertExtension *
CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
- int index)
+ int index)
{
int numExtensions;
@@ -971,8 +973,6 @@ CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
if (index >= numExtensions || index < 0) {
return NULL;
}
- return
- crmf_copy_cert_extension(NULL,
- inCertReq->certTemplate.extensions[index]);
+ return crmf_copy_cert_extension(NULL,
+ inCertReq->certTemplate.extensions[index]);
}
-
View Lorry Controller Status