diff options
author | Martin Thomson <martin.thomson@gmail.com> | 2015-08-12 09:44:25 -0700 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2015-08-12 09:44:25 -0700 |
commit | 225703849bf43ff466e4dcfd3b68c30486e8ad12 (patch) | |
tree | a6970da1dad182eb7e0d6a346cec7bb89205a789 /lib/certdb | |
parent | df18e4c7e5e9ad31fab45575896fba7d2bc24250 (diff) | |
download | nss-hg-225703849bf43ff466e4dcfd3b68c30486e8ad12.tar.gz |
Backed out changeset 4355f55afeb2 (Bug 1158489)
Diffstat (limited to 'lib/certdb')
-rw-r--r-- | lib/certdb/certdb.c | 40 | ||||
-rw-r--r-- | lib/certdb/crl.c | 21 | ||||
-rw-r--r-- | lib/certdb/genname.c | 10 | ||||
-rw-r--r-- | lib/certdb/secname.c | 8 |
4 files changed, 50 insertions, 29 deletions
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c index f282bbb9f..2581be227 100644 --- a/lib/certdb/certdb.c +++ b/lib/certdb/certdb.c @@ -2443,6 +2443,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, { unsigned int i; CERTCertificate **certs = NULL; + SECStatus rv; unsigned int fcerts = 0; if ( ncerts ) { @@ -2490,11 +2491,10 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, * know which cert it belongs to. But we still may try * the individual canickname from the cert itself. */ - /* Bug 1192442 - propagate errors from these calls. */ - (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); + rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); } else { - (void)CERT_AddTempCertToPerm(certs[i], - nickname?nickname:canickname, NULL); + rv = CERT_AddTempCertToPerm(certs[i], + nickname?nickname:canickname, NULL); } PORT_Free(canickname); @@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, } } - return (fcerts || !ncerts) ? SECSuccess : SECFailure; + return ((fcerts || !ncerts) ? SECSuccess : SECFailure); } /* @@ -2893,16 +2893,15 @@ CERT_LockCertRefCount(CERTCertificate *cert) void CERT_UnlockCertRefCount(CERTCertificate *cert) { + PRStatus prstat; + PORT_Assert(certRefCountLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PZ_Unlock(certRefCountLock); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - PZ_Unlock(certRefCountLock); -#endif + prstat = PZ_Unlock(certRefCountLock); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } static PZLock *certTrustLock = NULL; @@ -2974,16 +2973,15 @@ cert_DestroyLocks(void) void CERT_UnlockCertTrust(const CERTCertificate *cert) { + PRStatus prstat; + PORT_Assert(certTrustLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PZ_Unlock(certTrustLock); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - PZ_Unlock(certTrustLock); -#endif + prstat = PZ_Unlock(certTrustLock); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c index c1a10ef59..9f9aa0b2a 100644 --- a/lib/certdb/crl.c +++ b/lib/certdb/crl.c @@ -627,6 +627,7 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, CERTSignedCrl *oldCrl = NULL, *crl = NULL; PRBool deleteOldCrl = PR_FALSE; CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; + SECStatus rv; PORT_Assert(newCrl); PORT_Assert(derCrl); @@ -639,8 +640,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, /* we can't use the cache here because we must look in the same token */ - (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, - &oldCrl, CRL_DECODE_SKIP_ENTRIES); + rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, + &oldCrl, CRL_DECODE_SKIP_ENTRIES); /* if there is an old crl on the token, make sure the one we are installing is newer. If not, exit out, otherwise delete the old crl. @@ -2692,7 +2693,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, } if (SECFailure == rv) { - (void)CERT_FindCRLEntryReasonExten(entry, &reason); + SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); } break; @@ -3049,7 +3050,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, { NamedCRLCacheEntry* oldEntry, * newEntry = NULL; NamedCRLCache* ncc = NULL; - SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess, rv2; PORT_Assert(namedCRLCache.lock); PORT_Assert(namedCRLCache.entries); @@ -3087,7 +3088,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, (void*) newEntry)) { PORT_Assert(0); - NamedCRLCacheEntry_Destroy(newEntry); + rv2 = NamedCRLCacheEntry_Destroy(newEntry); + PORT_Assert(SECSuccess == rv2); rv = SECFailure; } } @@ -3110,7 +3112,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); + rv2 = NamedCRLCacheEntry_Destroy(oldEntry); + PORT_Assert(SECSuccess == rv2); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3157,7 +3160,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); + rv2 = NamedCRLCacheEntry_Destroy(oldEntry); + PORT_Assert(SECSuccess == rv2); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3169,7 +3173,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } } } - PORT_AssertSuccess(cert_ReleaseNamedCRLCache(ncc)); + rv2 = cert_ReleaseNamedCRLCache(ncc); + PORT_Assert(SECSuccess == rv2); return rv; } diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c index 6529a6a09..04c8a7712 100644 --- a/lib/certdb/genname.c +++ b/lib/certdb/genname.c @@ -67,6 +67,16 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = { sizeof(CERTGeneralName) } }; +static const SEC_ASN1Template CERTOtherName2Template[] = { + { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 , + 0, NULL, sizeof(CERTGeneralName) }, + { SEC_ASN1_OBJECT_ID, + offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) }, + { SEC_ASN1_ANY, + offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) }, + { 0, } +}; + static const SEC_ASN1Template CERT_RFC822NameTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 , offsetof(CERTGeneralName, name.other), diff --git a/lib/certdb/secname.c b/lib/certdb/secname.c index 88a0cf75e..d070bbfc7 100644 --- a/lib/certdb/secname.c +++ b/lib/certdb/secname.c @@ -240,6 +240,14 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) return 0; } +/************************************************************************/ +/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ +static const SEC_ASN1Template cert_RDNTemplate[] = { + { SEC_ASN1_SET_OF, + offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } +}; + + CERTRDN * CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) { |