32 files changed, 492 insertions, 276 deletions
diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c index 887263aeb..0cd5e61aa 100644 --- a/security/nss/cmd/checkcert/checkcert.c +++ b/security/nss/cmd/checkcert/checkcert.c @@ -406,7 +406,8 @@ int main(int argc, char **argv) fprintf(stderr,"%s: can't allocate issuer signed data!", progName); exit(1); } - rv = SEC_ASN1DecodeItem(arena, issuerCertSD, CERT_SignedDataTemplate, + rv = SEC_ASN1DecodeItem(arena, issuerCertSD, + SEC_ASN1_GET(CERT_SignedDataTemplate), &derIssuerCert); if (rv) { fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n", @@ -418,7 +419,8 @@ int main(int argc, char **argv) printf("%s: can't allocate space for issuer cert.", progName); exit(1); } - rv = SEC_ASN1DecodeItem(arena, issuerCert, CERT_CertificateTemplate, + rv = SEC_ASN1DecodeItem(arena, issuerCert, + SEC_ASN1_GET(CERT_CertificateTemplate), &issuerCertSD->data); if (rv) { printf("%s: Does not appear to be an X509 Certificate.\n", @@ -433,7 +435,8 @@ int main(int argc, char **argv) exit(1); } - rv = SEC_ASN1DecodeItem(arena, signedData, CERT_SignedDataTemplate, + rv = SEC_ASN1DecodeItem(arena, signedData, + SEC_ASN1_GET(CERT_SignedDataTemplate), &derCert); if (rv) { fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n", @@ -451,7 +454,8 @@ int main(int argc, char **argv) exit(1); } - rv = SEC_ASN1DecodeItem(arena, cert, CERT_CertificateTemplate, + rv = SEC_ASN1DecodeItem(arena, cert, + SEC_ASN1_GET(CERT_CertificateTemplate), &signedData->data); if (rv) { fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n", @@ -540,8 +544,8 @@ int main(int argc, char **argv) exit(1); } - rv = SEC_ASN1DecodeItem(arena, rsapubkey, SECKEY_RSAPublicKeyTemplate, - &spk); + rv = SEC_ASN1DecodeItem(arena, rsapubkey, + SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk); if (rv) { printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n"); } else { 
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 5866c25bd..50865a87c 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -1047,14 +1047,16 @@ secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena, DER_ConvertBitString(&i->subjectPublicKey); switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) { case SEC_OID_PKCS1_RSA_ENCRYPTION: - rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate, + rv = SEC_ASN1DecodeItem(arena, pk, + SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &i->subjectPublicKey); if (rv) return rv; secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1); break; case SEC_OID_ANSIX9_DSA_SIGNATURE: - rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate, + rv = SEC_ASN1DecodeItem(arena, pk, + SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate), &i->subjectPublicKey); if (rv) return rv; @@ -1077,7 +1079,8 @@ secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level) char *formattedTime = NULL; decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate, + rv = SEC_ASN1DecodeItem (NULL, &decodedValue, + SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), value); if (rv == SECSuccess) { rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); @@ -1106,10 +1109,6 @@ PrintExtKeyUsageExten (FILE *out, SECItem *value, char *msg, int level) return SECFailure; } - if( (SECItem **)NULL == op ) { - return SECFailure; - } - for( op = os->oids; *op; op++ ) { SECOidData *od = SECOID_FindOID(*op); @@ -1511,7 +1510,8 @@ SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level) if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, cr, CERT_CertificateRequestTemplate, der); + rv = SEC_ASN1DecodeItem(arena, cr, + SEC_ASN1_GET(CERT_CertificateRequestTemplate), der); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; 
@@ -1550,7 +1550,8 @@ SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level) if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der); + rv = SEC_ASN1DecodeItem(arena, c, + SEC_ASN1_GET(CERT_CertificateTemplate), der); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; @@ -1592,7 +1593,8 @@ SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level) if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, &key, SECKEY_RSAPublicKeyTemplate, der); + rv = SEC_ASN1DecodeItem(arena, &key, + SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; @@ -1617,8 +1619,8 @@ SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level) if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, &key, SECKEY_EncryptedPrivateKeyInfoTemplate, - der); + rv = SEC_ASN1DecodeItem(arena, &key, + SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der); if (rv) { PORT_FreeArena(arena, PR_TRUE); return rv; @@ -2013,7 +2015,7 @@ SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level) break; } - rv = SEC_ASN1DecodeItem(arena, c, CERT_CrlTemplate, der); + rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der); if (rv != SECSuccess) break; SECU_PrintCRLInfo (out, c, m, level); @@ -2211,7 +2213,8 @@ int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der); + rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), + der); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; diff --git a/security/nss/lib/asn1/asn1t.h b/security/nss/lib/asn1/asn1t.h index 6183b7fd7..2f6c52cea 100644 --- a/security/nss/lib/asn1/asn1t.h +++ b/security/nss/lib/asn1/asn1t.h 
@@ -144,7 +144,7 @@ typedef SEC_ASN1Template nssASN1Template; #define nssASN1_SET_OF SEC_ASN1_SET_OF #define nssASN1_ANY_CONTENTS SEC_ASN1_ANY_CONTENTS -typedef SEC_ChooseASN1TemplateFunc nssASN1ChooseTemplateFunction; +typedef SEC_ASN1TemplateChooserPtr nssASN1ChooseTemplateFunction; typedef SEC_ASN1DecoderContext nssASN1Decoder; typedef SEC_ASN1EncoderContext nssASN1Encoder; diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 50d34165d..0b6aa42fb 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -207,7 +207,7 @@ const SEC_ASN1Template CERT_CertKeyTemplate[] = { { 0 } }; - +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate) SECStatus CERT_KeyFromIssuerAndSN(PRArenaPool *arena, SECItem *issuer, SECItem *sn, diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h index e3d05bc97..f4d200be3 100644 --- a/security/nss/lib/certdb/certt.h +++ b/security/nss/lib/certdb/certt.h @@ -801,4 +801,14 @@ extern const SEC_ASN1Template CERT_CrlTemplate[]; extern const SEC_ASN1Template CERT_AttributeTemplate[]; extern const SEC_ASN1Template CERT_SetOfAttributeTemplate[]; +/* These functions simply return the address of the above-declared templates. +** This is necessary for Windows DLLs. Sigh. +*/ +SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateRequestTemplate); +SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateTemplate); +SEC_ASN1_CHOOSER_DECLARE(CERT_CrlTemplate); +SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate); +SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate); +SEC_ASN1_CHOOSER_DECLARE(CERT_SignedDataTemplate); + #endif /* _CERTT_H_ */ diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index 1e0e909e1..8bfded225 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c 
@@ -385,3 +385,11 @@ loser: return(0); } + +/* These functions simply return the address of the above-declared templates. +** This is necessary for Windows DLLs. Sigh. +*/ +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_IssuerAndSNTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CrlTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SetOfSignedCrlTemplate) + diff --git a/security/nss/lib/certhigh/certreq.c b/security/nss/lib/certhigh/certreq.c index 0c3038139..1588c1896 100644 --- a/security/nss/lib/certhigh/certreq.c +++ b/security/nss/lib/certhigh/certreq.c @@ -67,6 +67,8 @@ const SEC_ASN1Template CERT_CertificateRequestTemplate[] = { { 0 } }; +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateRequestTemplate) + CERTCertificate * CERT_CreateCertificate(unsigned long serialNumber, CERTName *issuer, diff --git a/security/nss/lib/crmf/asn1cmn.c b/security/nss/lib/crmf/asn1cmn.c index 8dae9749c..7299bbdc6 100644 --- a/security/nss/lib/crmf/asn1cmn.c +++ b/security/nss/lib/crmf/asn1cmn.c @@ -34,6 +34,10 @@ #include "cmmf.h" #include "cmmfi.h" +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) +SEC_ASN1_MKSUB(SEC_AnyTemplate) +SEC_ASN1_MKSUB(SEC_IntegerTemplate) + static const SEC_ASN1Template CMMFCertResponseTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)}, { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)}, @@ -58,9 +62,9 @@ const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = { { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0, offsetof(CMMFCertifiedKeyPair, privateKey), CRMFEncryptedValueTemplate}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, offsetof (CMMFCertifiedKeyPair, derPublicationInfo), - SEC_AnyTemplate}, + SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; 
@@ -86,8 +90,10 @@ const SEC_ASN1Template CMMFRandTemplate[] = { }; const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyRespContent, responses), - SEC_IntegerTemplate, sizeof(CMMFPOPODecKeyRespContent)}, + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, + offsetof(CMMFPOPODecKeyRespContent, responses), + SEC_ASN1_SUB(SEC_IntegerTemplate), + sizeof(CMMFPOPODecKeyRespContent)}, { 0 } }; @@ -118,8 +124,9 @@ const SEC_ASN1Template CMMFCertRepContentTemplate[] = { static const SEC_ASN1Template CMMFChallengeTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge)}, - { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL, offsetof(CMMFChallenge, owf), - SECOID_AlgorithmIDTemplate }, + { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN, + offsetof(CMMFChallenge, owf), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) }, { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) }, diff --git a/security/nss/lib/crmf/crmfcont.c b/security/nss/lib/crmf/crmfcont.c index b6e197522..3948023c2 100644 --- a/security/nss/lib/crmf/crmfcont.c +++ b/security/nss/lib/crmf/crmfcont.c @@ -616,7 +616,8 @@ crmf_decode_params(SECItem *inParams) SECStatus rv; params = PORT_ZNew(SECItem); - rv = SEC_ASN1DecodeItem(NULL, params, SEC_OctetStringTemplate, + rv = SEC_ASN1DecodeItem(NULL, params, + SEC_ASN1_GET(SEC_OctetStringTemplate), inParams); if (rv != SECSuccess) { SECITEM_FreeItem(params, PR_TRUE); @@ -814,7 +815,7 @@ crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, } dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv, - SEC_OctetStringTemplate); + SEC_ASN1_GET(SEC_OctetStringTemplate)); if (dummy != &encodedParam) { SECITEM_FreeItem(dummy, PR_TRUE); goto loser; diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c index da660cd6e..8cbc9895e 100644 --- a/security/nss/lib/crmf/crmftmpl.c 
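Review bot: In crmf_decode_params (crmfcont.c, hunk at -616) the result of `PORT_ZNew(SECItem)` is passed to `SEC_ASN1DecodeItem` as the destination without a NULL check, so an allocation failure reaches the decoder with a null `params`. The commit rewraps this exact call but leaves the gap. A guard placed before the decode, `if (params == NULL) return NULL;`, would close it, assuming the function returns the item pointer; the return type and the rest of the body are outside the hunk, so confirm the failure convention there.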
+++ b/security/nss/lib/crmf/crmftmpl.c @@ -37,6 +37,12 @@ #include "secoid.h" #include "secasn1.h" +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) +SEC_ASN1_MKSUB(SEC_AnyTemplate) +SEC_ASN1_MKSUB(SEC_BitStringTemplate) +SEC_ASN1_MKSUB(SEC_IntegerTemplate) +SEC_ASN1_MKSUB(SEC_OctetStringTemplate) +SEC_ASN1_MKSUB(SEC_UTCTimeTemplate) /* * It's all implicit tagging. @@ -68,13 +74,13 @@ static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = { static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFOptionalValidity) }, { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 0, + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0, offsetof (CRMFOptionalValidity, notBefore), - SEC_UTCTimeTemplate}, + SEC_ASN1_SUB(SEC_UTCTimeTemplate) }, { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 1, + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1, offsetof (CRMFOptionalValidity, notAfter), - SEC_UTCTimeTemplate}, + SEC_ASN1_SUB(SEC_UTCTimeTemplate) }, { 0 } }; 
@@ -85,12 +91,16 @@ static const SEC_ASN1Template crmfPointerToNameTemplate[] = { static const SEC_ASN1Template CRMFCertTemplateTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CRMFCertTemplate, version), SEC_IntegerTemplate }, - { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 1 , - offsetof (CRMFCertTemplate, serialNumber), SEC_IntegerTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 2, - offsetof (CRMFCertTemplate, signingAlg), SECOID_AlgorithmIDTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + offsetof(CRMFCertTemplate, version), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1 , + offsetof (CRMFCertTemplate, serialNumber), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 2, + offsetof (CRMFCertTemplate, signingAlg), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3, offsetof (CRMFCertTemplate, issuer), crmfPointerToNameTemplate }, 
@@ -103,10 +113,12 @@ static const SEC_ASN1Template CRMFCertTemplateTemplate[] = { { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 6, offsetof (CRMFCertTemplate, publicKey), CERT_SubjectPublicKeyInfoTemplate }, - { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 7, - offsetof (CRMFCertTemplate, issuerUID), SEC_BitStringTemplate }, - { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 8, - offsetof (CRMFCertTemplate, subjectUID), SEC_BitStringTemplate }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 7, + offsetof (CRMFCertTemplate, issuerUID), + SEC_ASN1_SUB(SEC_BitStringTemplate) }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 8, + offsetof (CRMFCertTemplate, subjectUID), + SEC_ASN1_SUB(SEC_BitStringTemplate) }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 9, offsetof (CRMFCertTemplate, extensions), @@ -172,12 +184,15 @@ const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { /* This template will need to add POPOSigningKeyInput eventually, maybe*/ static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CRMFPOPOSigningKey, derInput), SEC_AnyTemplate}, - { SEC_ASN1_POINTER, offsetof(CRMFPOPOSigningKey, algorithmIdentifier), - SECOID_AlgorithmIDTemplate }, - { SEC_ASN1_BIT_STRING, offsetof(CRMFPOPOSigningKey, signature), - SEC_BitStringTemplate}, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + offsetof(CRMFPOPOSigningKey, derInput), + SEC_ASN1_SUB(SEC_AnyTemplate) }, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, + offsetof(CRMFPOPOSigningKey, algorithmIdentifier), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN, + offsetof(CRMFPOPOSigningKey, signature), + SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0 } }; 
@@ -189,58 +204,62 @@ const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[] = { }; const SEC_ASN1Template CRMFThisMessageTemplate[] = { - { SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, 0, - SEC_BitStringTemplate}, + SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0 } }; const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = { - { SEC_ASN1_CONTEXT_SPECIFIC | 1, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, 0, - SEC_IntegerTemplate}, + SEC_ASN1_SUB(SEC_IntegerTemplate) }, { 0 } }; const SEC_ASN1Template CRMFDHMACTemplate[] = { - { SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, 0, - SEC_BitStringTemplate}, + SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0 } }; const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[] = { { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 2, + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, 0, - SEC_AnyTemplate}, + SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[] = { { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 3, + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3, 0, - SEC_AnyTemplate}, + SEC_ASN1_SUB(SEC_AnyTemplate)}, { 0 } }; const SEC_ASN1Template CRMFEncryptedValueTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue)}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 0, offsetof(CRMFEncryptedValue, intendedAlg), - SECOID_AlgorithmIDTemplate}, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 1, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 1, offsetof (CRMFEncryptedValue, symmAlg), - SECOID_AlgorithmIDTemplate }, - { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 2, - offsetof(CRMFEncryptedValue, encSymmKey), SEC_BitStringTemplate}, 
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 3, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 2, + offsetof(CRMFEncryptedValue, encSymmKey), + SEC_ASN1_SUB(SEC_BitStringTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | + SEC_ASN1_XTRN | 3, offsetof(CRMFEncryptedValue, keyAlg), - SECOID_AlgorithmIDTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 4, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 4, offsetof(CRMFEncryptedValue, valueHint), - SEC_OctetStringTemplate}, + SEC_ASN1_SUB(SEC_OctetStringTemplate) }, { SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) }, { 0 } }; diff --git a/security/nss/lib/cryptohi/secsign.c b/security/nss/lib/cryptohi/secsign.c index 3583d709a..98131c6eb 100644 --- a/security/nss/lib/cryptohi/secsign.c +++ b/security/nss/lib/cryptohi/secsign.c @@ -381,6 +381,9 @@ const SEC_ASN1Template CERT_SignedDataTemplate[] = { 0, } }; +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate) + + SECStatus SEC_DerSignData(PRArenaPool *arena, SECItem *result, unsigned char *buf, int len, SECKEYPrivateKey *pk, SECOidTag algID) diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index 206256e36..e45883dd5 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def 
@@ -339,34 +339,59 @@ VFY_VerifyDigest; ;+# ;+# Data objects ;+# -;+# This isnt right, but it's better than we have now... -CERT_CrlTemplate DATA ; -CERT_SignedDataTemplate DATA ; -CERT_CertificateTemplate DATA ; -CERT_CertificateRequestTemplate DATA ; -CERT_IssuerAndSNTemplate DATA ; -CERT_SetOfSignedCrlTemplate DATA ; -SECAnyTemplate DATA ; -SECKEY_DSAPublicKeyTemplate DATA ; -SECKEY_EncryptedPrivateKeyInfoTemplate DATA ; -SECKEY_PointerToEncryptedPrivateKeyInfoTemplate DATA ; -SECKEY_PointerToPrivateKeyInfoTemplate DATA ; -SECKEY_PrivateKeyInfoTemplate DATA ; -SECKEY_RSAPublicKeyTemplate DATA ; -SECOID_AlgorithmIDTemplate DATA ; -SEC_AnyTemplate DATA ; -SEC_BMPStringTemplate DATA ; -SEC_BitStringTemplate DATA ; -SEC_GeneralizedTimeTemplate DATA ; -SEC_IA5StringTemplate DATA ; -SEC_IntegerTemplate DATA ; -SEC_ObjectIDTemplate DATA ; -SEC_OctetStringTemplate DATA ; -SEC_PointerToAnyTemplate DATA ; -SEC_PointerToOctetStringTemplate DATA ; -SEC_SetOfAnyTemplate DATA ; -SEC_UTCTimeTemplate DATA ; -sgn_DigestInfoTemplate DATA ; +;+# Don't export these DATA symbols on Windows because they don't work right. 
+;;CERT_CrlTemplate DATA ; +;;CERT_SignedDataTemplate DATA ; +;;CERT_CertificateTemplate DATA ; +;;CERT_CertificateRequestTemplate DATA ; +;;CERT_IssuerAndSNTemplate DATA ; +;;CERT_SetOfSignedCrlTemplate DATA ; +;;SECKEY_DSAPublicKeyTemplate DATA ; +;;SECKEY_EncryptedPrivateKeyInfoTemplate DATA ; +;;SECKEY_PointerToEncryptedPrivateKeyInfoTemplate DATA ; +;;SECKEY_PointerToPrivateKeyInfoTemplate DATA ; +;;SECKEY_PrivateKeyInfoTemplate DATA ; +;;SECKEY_RSAPublicKeyTemplate DATA ; +;;SECOID_AlgorithmIDTemplate DATA ; +;;SEC_AnyTemplate DATA ; +;;SEC_BMPStringTemplate DATA ; +;;SEC_BitStringTemplate DATA ; +;;SEC_GeneralizedTimeTemplate DATA ; +;;SEC_IA5StringTemplate DATA ; +;;SEC_IntegerTemplate DATA ; +;;SEC_ObjectIDTemplate DATA ; +;;SEC_OctetStringTemplate DATA ; +;;SEC_PointerToAnyTemplate DATA ; +;;SEC_PointerToOctetStringTemplate DATA ; +;;SEC_SetOfAnyTemplate DATA ; +;;SEC_UTCTimeTemplate DATA ; +;;sgn_DigestInfoTemplate DATA ; +NSS_Get_CERT_CrlTemplate; +NSS_Get_CERT_SignedDataTemplate; +NSS_Get_CERT_CertificateTemplate; +NSS_Get_CERT_CertificateRequestTemplate; +NSS_Get_CERT_IssuerAndSNTemplate; +NSS_Get_CERT_SetOfSignedCrlTemplate; +NSS_Get_SECKEY_DSAPublicKeyTemplate; +NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate; +NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate; +NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate; +NSS_Get_SECKEY_PrivateKeyInfoTemplate; +NSS_Get_SECKEY_RSAPublicKeyTemplate; +NSS_Get_SECOID_AlgorithmIDTemplate; +NSS_Get_SEC_AnyTemplate; +NSS_Get_SEC_BMPStringTemplate; +NSS_Get_SEC_BitStringTemplate; +NSS_Get_SEC_GeneralizedTimeTemplate; +NSS_Get_SEC_IA5StringTemplate; +NSS_Get_SEC_IntegerTemplate; +NSS_Get_SEC_ObjectIDTemplate; +NSS_Get_SEC_OctetStringTemplate; +NSS_Get_SEC_PointerToAnyTemplate; +NSS_Get_SEC_PointerToOctetStringTemplate; +NSS_Get_SEC_SetOfAnyTemplate; +NSS_Get_SEC_UTCTimeTemplate; +NSS_Get_sgn_DigestInfoTemplate; ;+# commands CERT_DecodeBasicConstraintValue; CERT_DecodeOidSequence; 
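Review bot: The rewritten export list drops `SECAnyTemplate` altogether: the old block had `SECAnyTemplate DATA ;`, but the new block has neither a `;;SECAnyTemplate DATA ;` line nor an `NSS_Get_SECAnyTemplate;` accessor. certread.c in this same commit moves its one visible use to `SEC_AnyTemplate`, but anything built against the old symbol name will no longer resolve it, and the new comment does not mention the removal. I would record it next to the list, for example `;+# SECAnyTemplate is no longer exported; use SEC_AnyTemplate.`. The comment could also state what the `;;` prefix does to these lines on non-Windows builds, since this hunk does not show that.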
diff --git a/security/nss/lib/pkcs12/p12local.c b/security/nss/lib/pkcs12/p12local.c index d6e02ad02..b5d246f24 100644 --- a/security/nss/lib/pkcs12/p12local.c +++ b/security/nss/lib/pkcs12/p12local.c @@ -46,6 +46,9 @@ #define SALT_LENGTH 16 +SEC_ASN1_MKSUB(SECKEY_PrivateKeyInfoTemplate) +SEC_ASN1_MKSUB(sgn_DigestInfoTemplate) + /* helper functions */ /* returns proper bag type template based upon object type tag */ const SEC_ASN1Template * @@ -69,7 +72,7 @@ sec_pkcs12_choose_bag_type_old(void *src_or_dest, PRBool encoding) switch (oiddata->offset) { default: - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); break; case SEC_OID_PKCS12_KEY_BAG_ID: theTemplate = SEC_PointerToPKCS12KeyBagTemplate; @@ -105,7 +108,7 @@ sec_pkcs12_choose_bag_type(void *src_or_dest, PRBool encoding) switch (oiddata->offset) { default: - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; case SEC_OID_PKCS12_KEY_BAG_ID: theTemplate = SEC_PKCS12PrivateKeyBagTemplate; @@ -141,7 +144,7 @@ sec_pkcs12_choose_cert_crl_type_old(void *src_or_dest, PRBool encoding) switch (oiddata->offset) { default: - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); break; case SEC_OID_PKCS12_X509_CERT_CRL_BAG: theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate_OLD; @@ -173,7 +176,7 @@ sec_pkcs12_choose_cert_crl_type(void *src_or_dest, PRBool encoding) switch (oiddata->offset) { default: - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); break; case SEC_OID_PKCS12_X509_CERT_CRL_BAG: theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate; 
@@ -206,11 +209,11 @@ sec_pkcs12_choose_shroud_type(void *src_or_dest, PRBool encoding) switch (oiddata->offset) { default: - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); break; case SEC_OID_PKCS12_PKCS8_KEY_SHROUDING: theTemplate = - SECKEY_PointerToEncryptedPrivateKeyInfoTemplate; + SEC_ASN1_GET(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate); break; } return theTemplate; @@ -939,7 +942,7 @@ sec_pkcs12_convert_item_to_unicode(PRArenaPool *arena, SECItem *dest, } /* pkcs 12 templates */ -static SEC_ChooseASN1TemplateFunc sec_pkcs12_shroud_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_shroud_chooser = sec_pkcs12_choose_shroud_type; const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[] = @@ -1001,8 +1004,9 @@ const SEC_ASN1Template SEC_PKCS12PVKAdditionalDataTemplate[] = const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) }, - { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PVKSupportingData, assocCerts), - sgn_DigestInfoTemplate }, + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN , + offsetof(SEC_PKCS12PVKSupportingData, assocCerts), + SEC_ASN1_SUB(sgn_DigestInfoTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, offsetof(SEC_PKCS12PVKSupportingData, regenerable) }, { SEC_ASN1_PRINTABLE_STRING, @@ -1015,8 +1019,9 @@ const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[] = const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) }, - { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PVKSupportingData, assocCerts), - sgn_DigestInfoTemplate }, + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN , + offsetof(SEC_PKCS12PVKSupportingData, assocCerts), + SEC_ASN1_SUB(sgn_DigestInfoTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, offsetof(SEC_PKCS12PVKSupportingData, regenerable) }, { SEC_ASN1_BMP_STRING, 
@@ -1050,10 +1055,10 @@ const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[] = SEC_PKCS12ESPVKItemTemplate_OLD }, }; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_bag_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_bag_chooser = sec_pkcs12_choose_bag_type; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_bag_chooser_old = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_bag_chooser_old = sec_pkcs12_choose_bag_type_old; const SEC_ASN1Template SEC_PKCS12SafeBagTemplate_OLD[] = @@ -1098,8 +1103,9 @@ const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[] = { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKey) }, { SEC_ASN1_INLINE, offsetof(SEC_PKCS12PrivateKey, pvkData), SEC_PKCS12PVKSupportingDataTemplate }, - { SEC_ASN1_INLINE, offsetof(SEC_PKCS12PrivateKey, pkcs8data), - SECKEY_PrivateKeyInfoTemplate }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, + offsetof(SEC_PKCS12PrivateKey, pkcs8data), + SEC_ASN1_SUB(SECKEY_PrivateKeyInfoTemplate) }, { 0 } }; @@ -1116,8 +1122,9 @@ const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[] = { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) }, { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL), sec_PKCS7ContentInfoTemplate }, - { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, thumbprint), - sgn_DigestInfoTemplate }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN , + offsetof(SEC_PKCS12X509CertCRL, thumbprint), + SEC_ASN1_SUB(sgn_DigestInfoTemplate) }, { 0 } }; @@ -1136,10 +1143,10 @@ const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[] = { 0 } }; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_cert_crl_chooser_old = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_crl_chooser_old = sec_pkcs12_choose_cert_crl_type_old; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_cert_crl_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_crl_chooser = sec_pkcs12_choose_cert_crl_type; const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate_OLD[] = 
@@ -1218,8 +1225,8 @@ const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[] = const SEC_ASN1Template SEC_PKCS12MacDataTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) }, - { SEC_ASN1_INLINE, offsetof(SEC_PKCS12MacData, safeMac), - sgn_DigestInfoTemplate }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN , offsetof(SEC_PKCS12MacData, safeMac), + SEC_ASN1_SUB(sgn_DigestInfoTemplate) }, { SEC_ASN1_BIT_STRING, offsetof(SEC_PKCS12MacData, macSalt) }, { 0 } }; @@ -1240,8 +1247,9 @@ const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) }, { SEC_ASN1_OPTIONAL | - SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(SEC_PKCS12PFXItem, old_safeMac), sgn_DigestInfoTemplate }, + SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + offsetof(SEC_PKCS12PFXItem, old_safeMac), + SEC_ASN1_SUB(sgn_DigestInfoTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING, offsetof(SEC_PKCS12PFXItem, old_macSalt) }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, diff --git a/security/nss/lib/pkcs12/p12tmpl.c b/security/nss/lib/pkcs12/p12tmpl.c index ebaed1183..e58816386 100644 --- a/security/nss/lib/pkcs12/p12tmpl.c +++ b/security/nss/lib/pkcs12/p12tmpl.c @@ -41,6 +41,9 @@ #include "secasn1.h" #include "p12t.h" +SEC_ASN1_MKSUB(SEC_AnyTemplate) +SEC_ASN1_MKSUB(sgn_DigestInfoTemplate) + static const SEC_ASN1Template * sec_pkcs12_choose_safe_bag_type(void *src_or_dest, PRBool encoding) { 
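Review bot: In the SEC_PKCS12MacDataTemplate hunk (p12local.c, -1218) the SEQUENCE header records `sizeof(SEC_PKCS12PFXItem)` while both field entries use `offsetof(SEC_PKCS12MacData, ...)`, so the size the decoder is given belongs to a different struct than the offsets. The commit edits the very next entry and leaves the header untouched. Neither struct definition is on this page, but if the decoder ever allocates the destination from that size, a PFXItem smaller than MacData would under-allocate and the field writes would run past the buffer. Unless the mismatch is deliberate, the header should read `{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12MacData) },`.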
@@ -56,15 +59,15 @@ sec_pkcs12_choose_safe_bag_type(void *src_or_dest, PRBool encoding) oiddata = SECOID_FindOID(&safeBag->safeBagType); if(oiddata == NULL) { - return SEC_AnyTemplate; + return SEC_ASN1_GET(SEC_AnyTemplate); } switch (oiddata->offset) { default: - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; case SEC_OID_PKCS12_V1_KEY_BAG_ID: - theTemplate = SECKEY_PointerToPrivateKeyInfoTemplate; + theTemplate = SEC_ASN1_GET(SECKEY_PointerToPrivateKeyInfoTemplate); break; case SEC_OID_PKCS12_V1_CERT_BAG_ID: theTemplate = sec_PKCS12PointerToCertBagTemplate; @@ -76,13 +79,14 @@ sec_pkcs12_choose_safe_bag_type(void *src_or_dest, PRBool encoding) theTemplate = sec_PKCS12PointerToSecretBagTemplate; break; case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID: - theTemplate = SECKEY_PointerToEncryptedPrivateKeyInfoTemplate; + theTemplate = + SEC_ASN1_GET(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate); break; case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID: if(encoding) { theTemplate = sec_PKCS12PointerToSafeContentsTemplate; } else { - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); } break; } @@ -104,15 +108,15 @@ sec_pkcs12_choose_crl_bag_type(void *src_or_dest, PRBool encoding) oiddata = SECOID_FindOID(&crlbag->bagID); if(oiddata == NULL) { - return SEC_AnyTemplate; + return SEC_ASN1_GET(SEC_AnyTemplate); } switch (oiddata->offset) { default: - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; case SEC_OID_PKCS9_X509_CRL: - theTemplate = SEC_OctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate); break; } return theTemplate; 
@@ -133,18 +137,18 @@ sec_pkcs12_choose_cert_bag_type(void *src_or_dest, PRBool encoding) oiddata = SECOID_FindOID(&certbag->bagID); if(oiddata == NULL) { - return SEC_AnyTemplate; + return SEC_ASN1_GET(SEC_AnyTemplate); } switch (oiddata->offset) { default: - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; case SEC_OID_PKCS9_X509_CERT: - theTemplate = SEC_OctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate); break; case SEC_OID_PKCS9_SDSI_CERT: - theTemplate = SEC_IA5StringTemplate; + theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate); break; } return theTemplate; @@ -165,21 +169,21 @@ sec_pkcs12_choose_attr_type(void *src_or_dest, PRBool encoding) oiddata = SECOID_FindOID(&attr->attrType); if(oiddata == NULL) { - return SEC_AnyTemplate; + return SEC_ASN1_GET(SEC_AnyTemplate); } switch (oiddata->offset) { default: - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; case SEC_OID_PKCS9_FRIENDLY_NAME: - theTemplate = SEC_BMPStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate); break; case SEC_OID_PKCS9_LOCAL_KEY_ID: - theTemplate = SEC_OctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate); break; case SEC_OID_PKCS12_KEY_USAGE: - theTemplate = SEC_BitStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_BitStringTemplate); break; } 
@@ -191,16 +195,16 @@ const SEC_ASN1Template sec_PKCS12PointerToContentInfoTemplate[] = { { SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM, 0, sec_PKCS7ContentInfoTemplate } }; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_crl_bag_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_crl_bag_chooser = sec_pkcs12_choose_crl_bag_type; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_cert_bag_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_bag_chooser = sec_pkcs12_choose_cert_bag_type; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_safe_bag_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_safe_bag_chooser = sec_pkcs12_choose_safe_bag_type; -static SEC_ChooseASN1TemplateFunc sec_pkcs12_attr_chooser = +static const SEC_ASN1TemplateChooserPtr sec_pkcs12_attr_chooser = sec_pkcs12_choose_attr_type; const SEC_ASN1Template sec_PKCS12PointerToCertBagTemplate[] = { @@ -233,16 +237,17 @@ const SEC_ASN1Template sec_PKCS12PFXItemTemplate[] = { const SEC_ASN1Template sec_PKCS12MacDataTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12MacData) }, - { SEC_ASN1_INLINE, offsetof(sec_PKCS12MacData, safeMac), - sgn_DigestInfoTemplate }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN , offsetof(sec_PKCS12MacData, safeMac), + SEC_ASN1_SUB(sgn_DigestInfoTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(sec_PKCS12MacData, macSalt) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER, offsetof(sec_PKCS12MacData, iter) }, { 0 } }; const SEC_ASN1Template sec_PKCS12AuthenticatedSafeTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM, - offsetof(sec_PKCS12AuthenticatedSafe, encodedSafes), SEC_AnyTemplate } + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM | SEC_ASN1_XTRN , + offsetof(sec_PKCS12AuthenticatedSafe, encodedSafes), + SEC_ASN1_SUB(SEC_AnyTemplate) } }; const SEC_ASN1Template sec_PKCS12SafeBagTemplate[] = { 
@@ -265,8 +270,8 @@ const SEC_ASN1Template sec_PKCS12SafeContentsTemplate[] = { }; const SEC_ASN1Template sec_PKCS12SequenceOfAnyTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM, 0, - SEC_AnyTemplate } + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM | SEC_ASN1_XTRN , 0, + SEC_ASN1_SUB(SEC_AnyTemplate) } }; const SEC_ASN1Template sec_PKCS12NestedSafeContentsDecodeTemplate[] = { @@ -276,9 +281,9 @@ const SEC_ASN1Template sec_PKCS12NestedSafeContentsDecodeTemplate[] = { }; const SEC_ASN1Template sec_PKCS12SafeContentsDecodeTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM, + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM | SEC_ASN1_XTRN , offsetof(sec_PKCS12SafeContents, encodedSafeBags), - SEC_AnyTemplate } + SEC_ASN1_SUB(SEC_AnyTemplate) } }; const SEC_ASN1Template sec_PKCS12CRLBagTemplate[] = { diff --git a/security/nss/lib/pkcs7/certread.c b/security/nss/lib/pkcs7/certread.c index 5c5ddab78..c0762d83d 100644 --- a/security/nss/lib/pkcs7/certread.c +++ b/security/nss/lib/pkcs7/certread.c @@ -39,6 +39,8 @@ #include "secasn1.h" #include "secoid.h" +SEC_ASN1_MKSUB(SEC_AnyTemplate); + SECStatus SEC_ReadPKCS7Certs(SECItem *pkcs7Item, CERTImportCertificateFunc f, void *arg) { @@ -83,8 +85,7 @@ done: } const SEC_ASN1Template SEC_CertSequenceTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, - 0, SECAnyTemplate } + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_AnyTemplate) } }; SECStatus diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c index 6400badc8..4e3b2bebb 100644 --- a/security/nss/lib/pkcs7/p7decode.c +++ b/security/nss/lib/pkcs7/p7decode.c @@ -55,6 +55,7 @@ #include "prtime.h" #include "secerr.h" #include "sechash.h" /* for HASH_GetHashObject() */ +#include "secder.h" struct sec_pkcs7_decoder_worker { int depth; 
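Review bot: In the certread.c hunk, `SEC_ASN1_MKSUB(SEC_AnyTemplate);` carries a trailing semicolon that the other uses in this commit (p7local.c, cmsasn1.c, smimeutil.c) do not have. The `_WIN32` expansion in secasn1t.h already ends in `;` and the other expansion is empty, so in both builds a stray `;` is left at file scope, which strict ISO C compilers warn about. Write it as `SEC_ASN1_MKSUB(SEC_AnyTemplate)` to match the rest of the commit.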
@@ -582,8 +583,8 @@ sec_pkcs7_decoder_get_recipient_key (SEC_PKCS7DecoderContext *p7dcx, if (keaParams.bulkKeySize.len > 0) { p7dcx->error = SEC_ASN1DecodeItem(NULL, &bulkLength, - SEC_IntegerTemplate, - &keaParams.bulkKeySize); + SEC_ASN1_GET(SEC_IntegerTemplate), + &keaParams.bulkKeySize); } if (p7dcx->error != SECSuccess) diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c index d3e58be50..68376cec0 100644 --- a/security/nss/lib/pkcs7/p7local.c +++ b/security/nss/lib/pkcs7/p7local.c @@ -76,6 +76,12 @@ struct sec_pkcs7_cipher_object { unsigned char pending_buf[BLOCK_SIZE]; }; +SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate) +SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate) +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) +SEC_ASN1_MKSUB(SEC_OctetStringTemplate) +SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate) + /* * Create a cipher object to do decryption, based on the given bulk * encryption key and algorithm identifier (which may include an iv). @@ -900,7 +906,7 @@ sec_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) attribute = (SEC_PKCS7Attribute*)src_or_dest; if (encoding && attribute->encoded) - return SEC_AnyTemplate; + return SEC_ASN1_GET(SEC_AnyTemplate); oiddata = attribute->typeTag; if (oiddata == NULL) { 
@@ -910,30 +916,30 @@ sec_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) if (oiddata == NULL) { encoded = PR_TRUE; - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); } else { switch (oiddata->offset) { default: encoded = PR_TRUE; - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; case SEC_OID_PKCS9_EMAIL_ADDRESS: case SEC_OID_RFC1274_MAIL: case SEC_OID_PKCS9_UNSTRUCTURED_NAME: encoded = PR_FALSE; - theTemplate = SEC_IA5StringTemplate; + theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate); break; case SEC_OID_PKCS9_CONTENT_TYPE: encoded = PR_FALSE; - theTemplate = SEC_ObjectIDTemplate; + theTemplate = SEC_ASN1_GET(SEC_ObjectIDTemplate); break; case SEC_OID_PKCS9_MESSAGE_DIGEST: encoded = PR_FALSE; - theTemplate = SEC_OctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate); break; case SEC_OID_PKCS9_SIGNING_TIME: encoded = PR_FALSE; - theTemplate = SEC_UTCTimeTemplate; + theTemplate = SEC_ASN1_GET(SEC_UTCTimeTemplate); break; /* XXX Want other types here, too */ } @@ -958,7 +964,7 @@ sec_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) return theTemplate; } -static SEC_ChooseASN1TemplateFunc sec_attr_chooser +static const SEC_ASN1TemplateChooserPtr sec_attr_chooser = sec_attr_choose_attr_value_template; static const SEC_ASN1Template sec_pkcs7_attribute_template[] = { @@ -1146,7 +1152,7 @@ sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs) static const SEC_ASN1Template * sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding); -static SEC_ChooseASN1TemplateFunc sec_pkcs7_chooser +static const SEC_ASN1TemplateChooserPtr sec_pkcs7_chooser = sec_pkcs7_choose_content_template; const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[] = { 
@@ -1168,18 +1174,18 @@ static const SEC_ASN1Template SEC_PKCS7SignerInfoTemplate[] = { 0, NULL, sizeof(SEC_PKCS7SignerInfo) }, { SEC_ASN1_INTEGER, offsetof(SEC_PKCS7SignerInfo,version) }, - { SEC_ASN1_POINTER, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(SEC_PKCS7SignerInfo,issuerAndSN), - CERT_IssuerAndSNTemplate }, - { SEC_ASN1_INLINE, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SEC_PKCS7SignerInfo,digestAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(SEC_PKCS7SignerInfo,authAttr), sec_pkcs7_set_of_attribute_template }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SEC_PKCS7SignerInfo,digestEncAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS7SignerInfo,encDigest) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, 
@@ -1193,18 +1199,20 @@ static const SEC_ASN1Template SEC_PKCS7SignedDataTemplate[] = { 0, NULL, sizeof(SEC_PKCS7SignedData) }, { SEC_ASN1_INTEGER, offsetof(SEC_PKCS7SignedData,version) }, - { SEC_ASN1_SET_OF, + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(SEC_PKCS7SignedData,digestAlgorithms), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_INLINE, offsetof(SEC_PKCS7SignedData,contentInfo), sec_PKCS7ContentInfoTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, offsetof(SEC_PKCS7SignedData,rawCerts), - SEC_SetOfAnyTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, + SEC_ASN1_SUB(SEC_SetOfAnyTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, offsetof(SEC_PKCS7SignedData,crls), - CERT_SetOfSignedCrlTemplate }, + SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) }, { SEC_ASN1_SET_OF, offsetof(SEC_PKCS7SignedData,signerInfos), SEC_PKCS7SignerInfoTemplate }, @@ -1220,12 +1228,12 @@ static const SEC_ASN1Template SEC_PKCS7RecipientInfoTemplate[] = { 0, NULL, sizeof(SEC_PKCS7RecipientInfo) }, { SEC_ASN1_INTEGER, offsetof(SEC_PKCS7RecipientInfo,version) }, - { SEC_ASN1_POINTER, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(SEC_PKCS7RecipientInfo,issuerAndSN), - CERT_IssuerAndSNTemplate }, - { SEC_ASN1_INLINE, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SEC_PKCS7RecipientInfo,keyEncAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS7RecipientInfo,encKey) }, { 0 } 
@@ -1236,12 +1244,13 @@ static const SEC_ASN1Template SEC_PKCS7EncryptedContentInfoTemplate[] = { 0, NULL, sizeof(SEC_PKCS7EncryptedContentInfo) }, { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS7EncryptedContentInfo,contentType) }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SEC_PKCS7EncryptedContentInfo,contentEncAlg), - SECOID_AlgorithmIDTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | 0, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, offsetof(SEC_PKCS7EncryptedContentInfo,encContent), - SEC_OctetStringTemplate }, + SEC_ASN1_SUB(SEC_OctetStringTemplate) }, { 0 } }; @@ -1271,18 +1280,20 @@ static const SEC_ASN1Template SEC_PKCS7SignedAndEnvelopedDataTemplate[] = { { SEC_ASN1_SET_OF, offsetof(SEC_PKCS7SignedAndEnvelopedData,recipientInfos), SEC_PKCS7RecipientInfoTemplate }, - { SEC_ASN1_SET_OF, + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(SEC_PKCS7SignedAndEnvelopedData,digestAlgorithms), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_INLINE, offsetof(SEC_PKCS7SignedAndEnvelopedData,encContentInfo), SEC_PKCS7EncryptedContentInfoTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, offsetof(SEC_PKCS7SignedAndEnvelopedData,rawCerts), - SEC_SetOfAnyTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, + SEC_ASN1_SUB(SEC_SetOfAnyTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, offsetof(SEC_PKCS7SignedAndEnvelopedData,crls), - CERT_SetOfSignedCrlTemplate }, + SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) }, { SEC_ASN1_SET_OF, offsetof(SEC_PKCS7SignedAndEnvelopedData,signerInfos), SEC_PKCS7SignerInfoTemplate }, 
@@ -1299,9 +1310,9 @@ static const SEC_ASN1Template SEC_PKCS7DigestedDataTemplate[] = { 0, NULL, sizeof(SEC_PKCS7DigestedData) }, { SEC_ASN1_INTEGER, offsetof(SEC_PKCS7DigestedData,version) }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SEC_PKCS7DigestedData,digestAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_INLINE, offsetof(SEC_PKCS7DigestedData,contentInfo), sec_PKCS7ContentInfoTemplate }, @@ -1401,10 +1412,10 @@ sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding) kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); break; case SEC_OID_PKCS7_DATA: - theTemplate = SEC_PointerToOctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate); break; case SEC_OID_PKCS7_SIGNED_DATA: theTemplate = SEC_PointerToPKCS7SignedDataTemplate; diff --git a/security/nss/lib/smime/cmsasn1.c b/security/nss/lib/smime/cmsasn1.c index d649c4192..be44c7524 100644 --- a/security/nss/lib/smime/cmsasn1.c +++ b/security/nss/lib/smime/cmsasn1.c @@ -50,6 +50,14 @@ extern const SEC_ASN1Template nss_cms_set_of_attribute_template[]; +SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate) +SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate) +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) +SEC_ASN1_MKSUB(SEC_BitStringTemplate) +SEC_ASN1_MKSUB(SEC_OctetStringTemplate) +SEC_ASN1_MKSUB(SEC_PointerToOctetStringTemplate) +SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate) + /* ----------------------------------------------------------------------------- * MESSAGE * (uses NSSCMSContentInfo) 
@@ -59,7 +67,7 @@ extern const SEC_ASN1Template nss_cms_set_of_attribute_template[]; static const SEC_ASN1Template * nss_cms_choose_content_template(void *src_or_dest, PRBool encoding); -static SEC_ChooseASN1TemplateFunc nss_cms_chooser +static const SEC_ASN1TemplateChooserPtr nss_cms_chooser = nss_cms_choose_content_template; const SEC_ASN1Template NSSCMSMessageTemplate[] = { @@ -88,9 +96,9 @@ static const SEC_ASN1Template NSSCMSEncapsulatedContentInfoTemplate[] = { { SEC_ASN1_OBJECT_ID, offsetof(NSSCMSContentInfo,contentType) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_MAY_STREAM | - SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, offsetof(NSSCMSContentInfo,rawContent), - SEC_PointerToOctetStringTemplate }, + SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) }, { 0 } }; @@ -99,12 +107,13 @@ static const SEC_ASN1Template NSSCMSEncryptedContentInfoTemplate[] = { 0, NULL, sizeof(NSSCMSContentInfo) }, { SEC_ASN1_OBJECT_ID, offsetof(NSSCMSContentInfo,contentType) }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSContentInfo,contentEncAlg), - SECOID_AlgorithmIDTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | 0, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM | + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, offsetof(NSSCMSContentInfo,rawContent), - SEC_OctetStringTemplate }, + SEC_ASN1_SUB(SEC_OctetStringTemplate) }, { 0 } }; 
@@ -119,18 +128,20 @@ const SEC_ASN1Template NSSCMSSignedDataTemplate[] = { 0, NULL, sizeof(NSSCMSSignedData) }, { SEC_ASN1_INTEGER, offsetof(NSSCMSSignedData,version) }, - { SEC_ASN1_SET_OF, + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(NSSCMSSignedData,digestAlgorithms), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_INLINE, offsetof(NSSCMSSignedData,contentInfo), NSSCMSEncapsulatedContentInfoTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, offsetof(NSSCMSSignedData,rawCerts), - SEC_SetOfAnyTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, + SEC_ASN1_SUB(SEC_SetOfAnyTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, offsetof(NSSCMSSignedData,crls), - CERT_SetOfSignedCrlTemplate }, + SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) }, { SEC_ASN1_SET_OF, offsetof(NSSCMSSignedData,signerInfos), NSSCMSSignerInfoTemplate }, @@ -149,13 +160,13 @@ static const SEC_ASN1Template NSSCMSSignerIdentifierTemplate[] = { { SEC_ASN1_CHOICE, offsetof(NSSCMSSignerIdentifier,identifierType), NULL, sizeof(NSSCMSSignerIdentifier) }, - { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, offsetof(NSSCMSSignerIdentifier,id.subjectKeyID), - SEC_OctetStringTemplate, + SEC_ASN1_SUB(SEC_OctetStringTemplate) , NSSCMSRecipientID_SubjectKeyID }, - { SEC_ASN1_POINTER, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(NSSCMSSignerIdentifier,id.issuerAndSN), - CERT_IssuerAndSNTemplate, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate), NSSCMSRecipientID_IssuerSN }, { 0 } }; 
@@ -172,15 +183,15 @@ const SEC_ASN1Template NSSCMSSignerInfoTemplate[] = { { SEC_ASN1_INLINE, offsetof(NSSCMSSignerInfo,signerIdentifier), NSSCMSSignerIdentifierTemplate }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSSignerInfo,digestAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(NSSCMSSignerInfo,authAttr), nss_cms_set_of_attribute_template }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSSignerInfo,digestEncAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(NSSCMSSignerInfo,encDigest) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, @@ -196,12 +207,14 @@ const SEC_ASN1Template NSSCMSSignerInfoTemplate[] = { static const SEC_ASN1Template NSSCMSOriginatorInfoTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSCMSOriginatorInfo) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, offsetof(NSSCMSOriginatorInfo,rawCerts), - SEC_SetOfAnyTemplate }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, + SEC_ASN1_SUB(SEC_SetOfAnyTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, offsetof(NSSCMSOriginatorInfo,crls), - CERT_SetOfSignedCrlTemplate }, + SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) }, { 0 } }; 
@@ -241,13 +254,14 @@ static const SEC_ASN1Template NSSCMSRecipientIdentifierTemplate[] = { { SEC_ASN1_CHOICE, offsetof(NSSCMSRecipientIdentifier,identifierType), NULL, sizeof(NSSCMSRecipientIdentifier) }, - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 0, offsetof(NSSCMSRecipientIdentifier,id.subjectKeyID), - SEC_PointerToOctetStringTemplate, + SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) , NSSCMSRecipientID_SubjectKeyID }, - { SEC_ASN1_POINTER, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(NSSCMSRecipientIdentifier,id.issuerAndSN), - CERT_IssuerAndSNTemplate, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate), NSSCMSRecipientID_IssuerSN }, { 0 } }; @@ -261,9 +275,9 @@ static const SEC_ASN1Template NSSCMSKeyTransRecipientInfoTemplate[] = { { SEC_ASN1_INLINE, offsetof(NSSCMSKeyTransRecipientInfo,recipientIdentifier), NSSCMSRecipientIdentifierTemplate }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSKeyTransRecipientInfo,keyEncAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(NSSCMSKeyTransRecipientInfo,encKey) }, { 0 } @@ -276,12 +290,12 @@ static const SEC_ASN1Template NSSCMSKeyTransRecipientInfoTemplate[] = { static const SEC_ASN1Template NSSCMSOriginatorPublicKeyTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSCMSOriginatorPublicKey) }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSOriginatorPublicKey,algorithmIdentifier), - SECOID_AlgorithmIDTemplate }, - { SEC_ASN1_INLINE, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSOriginatorPublicKey,publicKey), - SEC_BitStringTemplate }, + SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0 } }; 
@@ -290,13 +304,14 @@ static const SEC_ASN1Template NSSCMSOriginatorIdentifierOrKeyTemplate[] = { { SEC_ASN1_CHOICE, offsetof(NSSCMSOriginatorIdentifierOrKey,identifierType), NULL, sizeof(NSSCMSOriginatorIdentifierOrKey) }, - { SEC_ASN1_POINTER, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(NSSCMSOriginatorIdentifierOrKey,id.issuerAndSN), - CERT_IssuerAndSNTemplate, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate), NSSCMSOriginatorIDOrKey_IssuerSN }, - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, + { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, offsetof(NSSCMSOriginatorIdentifierOrKey,id.subjectKeyID), - SEC_PointerToOctetStringTemplate, + SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) , NSSCMSOriginatorIDOrKey_SubjectKeyID }, { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2, offsetof(NSSCMSOriginatorIdentifierOrKey,id.originatorPublicKey), @@ -322,9 +337,9 @@ static const SEC_ASN1Template NSSCMSKeyAgreeRecipientIdentifierTemplate[] = { { SEC_ASN1_CHOICE, offsetof(NSSCMSKeyAgreeRecipientIdentifier,identifierType), NULL, sizeof(NSSCMSKeyAgreeRecipientIdentifier) }, - { SEC_ASN1_POINTER, + { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(NSSCMSKeyAgreeRecipientIdentifier,id.issuerAndSN), - CERT_IssuerAndSNTemplate, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate), NSSCMSKeyAgreeRecipientID_IssuerSN }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(NSSCMSKeyAgreeRecipientIdentifier,id.recipientKeyIdentifier), @@ -339,9 +354,9 @@ static const SEC_ASN1Template NSSCMSRecipientEncryptedKeyTemplate[] = { { SEC_ASN1_INLINE, offsetof(NSSCMSRecipientEncryptedKey,recipientIdentifier), NSSCMSKeyAgreeRecipientIdentifierTemplate }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSRecipientEncryptedKey,encKey), - SEC_BitStringTemplate }, + SEC_ASN1_SUB(SEC_BitStringTemplate) }, { 0 } }; 
@@ -354,12 +369,12 @@ static const SEC_ASN1Template NSSCMSKeyAgreeRecipientInfoTemplate[] = { offsetof(NSSCMSKeyAgreeRecipientInfo,originatorIdentifierOrKey), NSSCMSOriginatorIdentifierOrKeyTemplate }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | - SEC_ASN1_CONTEXT_SPECIFIC | 1, + SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, offsetof(NSSCMSKeyAgreeRecipientInfo,ukm), - SEC_OctetStringTemplate }, - { SEC_ASN1_INLINE, + SEC_ASN1_SUB(SEC_OctetStringTemplate) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSKeyAgreeRecipientInfo,keyEncAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_SEQUENCE_OF, offsetof(NSSCMSKeyAgreeRecipientInfo,recipientEncryptedKeys), NSSCMSRecipientEncryptedKeyTemplate }, @@ -390,9 +405,9 @@ static const SEC_ASN1Template NSSCMSKEKRecipientInfoTemplate[] = { { SEC_ASN1_INLINE, offsetof(NSSCMSKEKRecipientInfo,kekIdentifier), NSSCMSKEKIdentifierTemplate }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSKEKRecipientInfo,keyEncAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(NSSCMSKEKRecipientInfo,encKey) }, { 0 } @@ -429,9 +444,9 @@ const SEC_ASN1Template NSSCMSDigestedDataTemplate[] = { 0, NULL, sizeof(NSSCMSDigestedData) }, { SEC_ASN1_INTEGER, offsetof(NSSCMSDigestedData,version) }, - { SEC_ASN1_INLINE, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(NSSCMSDigestedData,digestAlg), - SECOID_AlgorithmIDTemplate }, + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_INLINE, offsetof(NSSCMSDigestedData,contentInfo), NSSCMSEncapsulatedContentInfoTemplate }, 
@@ -538,10 +553,10 @@ nss_cms_choose_content_template(void *src_or_dest, PRBool encoding) cinfo = (NSSCMSContentInfo *)src_or_dest; switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) { default: - theTemplate = SEC_PointerToAnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate); break; case SEC_OID_PKCS7_DATA: - theTemplate = SEC_PointerToOctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate); break; case SEC_OID_PKCS7_SIGNED_DATA: theTemplate = NSS_PointerToCMSSignedDataTemplate; diff --git a/security/nss/lib/smime/cmsattr.c b/security/nss/lib/smime/cmsattr.c index 34016bd55..25bee424f 100644 --- a/security/nss/lib/smime/cmsattr.c +++ b/security/nss/lib/smime/cmsattr.c @@ -219,7 +219,7 @@ cms_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) if (encoding && attribute->encoded) /* we're encoding, and the attribute value is already encoded. */ - return SEC_AnyTemplate; + return SEC_ASN1_GET(SEC_AnyTemplate); /* get attribute's typeTag */ oiddata = attribute->typeTag; @@ -231,7 +231,7 @@ cms_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) if (oiddata == NULL) { /* still no OID tag? OID is unknown then. en/decode value as ANY. */ encoded = PR_TRUE; - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); } else { switch (oiddata->offset) { SEC_OID_PKCS9_SMIME_CAPABILITIES: 
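Review bot: In the cmsattr.c hunk at old line 231, the context line `SEC_OID_PKCS9_SMIME_CAPABILITIES:` directly after `switch (oiddata->offset) {` has no `case` keyword, so it is an ordinary goto label and not a switch case. The next hunk shows the code reaching `default:`, so the chosen template is probably the same today, but the stated intent ("need to stay encoded") is not what the compiler sees, and the commit touches this function without fixing it. It should read `case SEC_OID_PKCS9_SMIME_CAPABILITIES:`; the lines between this hunk and the next are not shown, so check whether another label there needs the same change. The function body starts and ends outside the hunk.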
@@ -240,26 +240,26 @@ cms_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) default: /* same goes for OIDs that are not handled here */ encoded = PR_TRUE; - theTemplate = SEC_AnyTemplate; + theTemplate = SEC_ASN1_GET(SEC_AnyTemplate); break; /* otherwise choose proper template */ case SEC_OID_PKCS9_EMAIL_ADDRESS: case SEC_OID_RFC1274_MAIL: case SEC_OID_PKCS9_UNSTRUCTURED_NAME: encoded = PR_FALSE; - theTemplate = SEC_IA5StringTemplate; + theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate); break; case SEC_OID_PKCS9_CONTENT_TYPE: encoded = PR_FALSE; - theTemplate = SEC_ObjectIDTemplate; + theTemplate = SEC_ASN1_GET(SEC_ObjectIDTemplate); break; case SEC_OID_PKCS9_MESSAGE_DIGEST: encoded = PR_FALSE; - theTemplate = SEC_OctetStringTemplate; + theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate); break; case SEC_OID_PKCS9_SIGNING_TIME: encoded = PR_FALSE; - theTemplate = SEC_UTCTimeTemplate; + theTemplate = SEC_ASN1_GET(SEC_UTCTimeTemplate); break; /* XXX Want other types here, too */ } @@ -284,7 +284,7 @@ cms_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding) return theTemplate; } -static SEC_ChooseASN1TemplateFunc cms_attr_chooser +static const SEC_ASN1TemplateChooserPtr cms_attr_chooser = cms_attr_choose_attr_value_template; const SEC_ASN1Template nss_cms_attribute_template[] = { diff --git a/security/nss/lib/smime/cmspubkey.c b/security/nss/lib/smime/cmspubkey.c index 9654ef26c..043b6cfc1 100644 --- a/security/nss/lib/smime/cmspubkey.c +++ b/security/nss/lib/smime/cmspubkey.c @@ -342,8 +342,8 @@ NSS_CMSUtil_DecryptSymKey_MISSI(SECKEYPrivateKey *privkey, SECItem *encKey, SECA bulk key size is different than the encrypted key size */ if (keaParams.bulkKeySize.len > 0) { err = SEC_ASN1DecodeItem(NULL, &bulkLength, - SEC_IntegerTemplate, - &keaParams.bulkKeySize); + SEC_ASN1_GET(SEC_IntegerTemplate), + &keaParams.bulkKeySize); if (err != SECSuccess) goto loser; } 
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c index b33d251d2..dc3744928 100644 --- a/security/nss/lib/smime/cmssigdata.c +++ b/security/nss/lib/smime/cmssigdata.c @@ -181,7 +181,8 @@ NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd) return SECFailure; /* this is a SET OF, so we need to sort them guys */ - rv = NSS_CMSArray_SortByDER((void **)sigd->digestAlgorithms, SECOID_AlgorithmIDTemplate, + rv = NSS_CMSArray_SortByDER((void **)sigd->digestAlgorithms, + SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), (void **)sigd->digests); if (rv != SECSuccess) return SECFailure; diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c index 7d98b6a09..1a4d4073e 100644 --- a/security/nss/lib/smime/smimeutil.c +++ b/security/nss/lib/smime/smimeutil.c @@ -48,6 +48,9 @@ #include "secerr.h" #include "cms.h" +SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate) +SEC_ASN1_MKSUB(SEC_OctetStringTemplate) + /* various integer's ASN.1 encoding */ static unsigned char asn1_int40[] = { SEC_ASN1_INTEGER, 0x01, 0x28 }; static unsigned char asn1_int64[] = { SEC_ASN1_INTEGER, 0x01, 0x40 }; 
@@ -108,17 +111,17 @@ static const SEC_ASN1Template smime_encryptionkeypref_template[] = { { SEC_ASN1_CHOICE, offsetof(NSSSMIMEEncryptionKeyPreference,selector), NULL, sizeof(NSSSMIMEEncryptionKeyPreference) }, - { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0, + { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, offsetof(NSSSMIMEEncryptionKeyPreference,id.issuerAndSN), - CERT_IssuerAndSNTemplate, + SEC_ASN1_SUB(CERT_IssuerAndSNTemplate), NSSSMIMEEncryptionKeyPref_IssuerSN }, { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(NSSSMIMEEncryptionKeyPreference,id.recipientKeyID), NSSCMSRecipientKeyIdentifierTemplate, NSSSMIMEEncryptionKeyPref_IssuerSN }, - { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 2, + { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, offsetof(NSSSMIMEEncryptionKeyPreference,id.subjectKeyID), - SEC_OctetStringTemplate, + SEC_ASN1_SUB(SEC_OctetStringTemplate), NSSSMIMEEncryptionKeyPref_SubjectKeyID }, { 0, } }; diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c index a9e2aa8b4..b98018ed8 100644 --- a/security/nss/lib/softoken/keydb.c +++ b/security/nss/lib/softoken/keydb.c @@ -2308,3 +2308,14 @@ done: return (errors == 0 ? SECSuccess : SECFailure); } + +/* These functions simply return the address of the above-declared templates. +** This is necessary for Windows DLLs. Sigh. +*/ +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PrivateKeyInfoTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToPrivateKeyInfoTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_EncryptedPrivateKeyInfoTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_DSAPublicKeyTemplate) +SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPublicKeyTemplate) + diff --git a/security/nss/lib/softoken/keydbt.h b/security/nss/lib/softoken/keydbt.h index 1b781b939..31d518f53 100644 --- a/security/nss/lib/softoken/keydbt.h +++ b/security/nss/lib/softoken/keydbt.h 
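Review bot: In the smimeutil.c hunk, the `id.recipientKeyID` arm of `smime_encryptionkeypref_template` (context-specific tag 1) uses the selector `NSSSMIMEEncryptionKeyPref_IssuerSN`, the same value as the `id.issuerAndSN` arm above it. In a CHOICE template the fourth field presumably records which union member is active, so a decoded recipientKeyID would be reported as issuerAndSN and callers would read the wrong member of a structure that comes from message content. This looks like a copy-paste slip that the commit leaves in place; the arm should carry the enum's recipient-key-identifier selector (the enum is not visible here, so confirm the name in the header).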
@@ -86,4 +86,14 @@ extern const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[]; extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[]; extern const SEC_ASN1Template SECKEY_AttributeTemplate[]; +/* These functions simply return the address of the above-declared templates. +** This is necessary for Windows DLLs. Sigh. +*/ +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PrivateKeyInfoTemplate; +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate; +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate; +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate; +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_DSAPublicKeyTemplate; +extern SEC_ASN1TemplateChooser NSS_Get_SECKEY_RSAPublicKeyTemplate; + #endif /* _KEYDBT_H_ */ diff --git a/security/nss/lib/util/secalgid.c b/security/nss/lib/util/secalgid.c index 7b04941a1..a9ef62d95 100644 --- a/security/nss/lib/util/secalgid.c +++ b/security/nss/lib/util/secalgid.c @@ -167,3 +167,7 @@ SECOID_CompareAlgorithmID(SECAlgorithmID *a, SECAlgorithmID *b) rv = SECITEM_CompareItem(&a->parameters, &b->parameters); return rv; } + +/* This functions simply returns the address of the above-declared template. */ +SEC_ASN1_CHOOSER_IMPLEMENT(SECOID_AlgorithmIDTemplate) + diff --git a/security/nss/lib/util/secasn1.h b/security/nss/lib/util/secasn1.h index f35860ea2..786985b89 100644 --- a/security/nss/lib/util/secasn1.h +++ b/security/nss/lib/util/secasn1.h 
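Review bot: The keydbt.h hunk spells out six `extern SEC_ASN1TemplateChooser NSS_Get_...;` declarations by hand, while secasn1.h in the same commit uses `SEC_ASN1_CHOOSER_DECLARE(...)` for the same job. Using the macro here as well, e.g. `SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)`, keeps the `NSS_Get_` naming in one place and pairs visibly with the `SEC_ASN1_CHOOSER_IMPLEMENT` lines added to keydb.c; it needs secasn1t.h in scope, which the use of `SEC_ASN1TemplateChooser` already implies. The comment added in the secalgid.c hunk on this line also has a typo: `This functions simply returns` should be `This function simply returns`.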
@@ -260,5 +260,22 @@ extern const SEC_ASN1Template SEC_SetOfVisibleStringTemplate[];
 */
 extern const SEC_ASN1Template SEC_SkipTemplate[];
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs. Sigh.
+*/
+SEC_ASN1_CHOOSER_DECLARE(SEC_AnyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_BMPStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_BitStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_GeneralizedTimeTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_IA5StringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_IntegerTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_ObjectIDTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_OctetStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_UTCTimeTemplate)
+
+SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToAnyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToOctetStringTemplate)
+
+SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate)
 #endif /* _SECASN1_H_ */
diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c
index 544210d3d..99ce8a542 100644
--- a/security/nss/lib/util/secasn1d.c
+++ b/security/nss/lib/util/secasn1d.c
@@ -2932,3 +2932,21 @@ const SEC_ASN1Template SEC_SetOfVisibleStringTemplate[] = {
 const SEC_ASN1Template SEC_SkipTemplate[] = {
 { SEC_ASN1_SKIP }
 };
+
+
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs. Sigh.
+*/
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_AnyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BMPStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BitStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_IA5StringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_GeneralizedTimeTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_IntegerTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_ObjectIDTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_OctetStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UTCTimeTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToAnyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToOctetStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SetOfAnyTemplate)
+
diff --git a/security/nss/lib/util/secasn1t.h b/security/nss/lib/util/secasn1t.h
index 1e87ed12c..711b9eae1 100644
--- a/security/nss/lib/util/secasn1t.h
+++ b/security/nss/lib/util/secasn1t.h
@@ -184,13 +184,34 @@ typedef struct sec_ASN1Template_struct {
 #define SEC_ASN1_SET_OF (SEC_ASN1_GROUP | SEC_ASN1_SET)
 #define SEC_ASN1_ANY_CONTENTS (SEC_ASN1_ANY | SEC_ASN1_INNER)
+
 /*
 ** Function used for SEC_ASN1_DYNAMIC.
 ** "arg" is a pointer to the structure being encoded/decoded
 ** "enc", when true, means that we are encoding (false means decoding)
 */
-typedef const SEC_ASN1Template * (* SEC_ChooseASN1TemplateFunc)(void *arg,
- PRBool enc);
+typedef const SEC_ASN1Template * SEC_ASN1TemplateChooser(void *arg, PRBool enc);
+typedef SEC_ASN1TemplateChooser * SEC_ASN1TemplateChooserPtr;
+
+#if defined(_WIN32)
+#define SEC_ASN1_GET(x) NSS_Get_##x(NULL, PR_FALSE)
+#define SEC_ASN1_SUB(x) &p_NSS_Get_##x
+#define SEC_ASN1_XTRN SEC_ASN1_DYNAMIC
+#define SEC_ASN1_MKSUB(x) \
+static const SEC_ASN1TemplateChooserPtr p_NSS_Get_##x = &NSS_Get_##x;
+#else
+#define SEC_ASN1_GET(x) x
+#define SEC_ASN1_SUB(x) x
+#define SEC_ASN1_XTRN 0
+#define SEC_ASN1_MKSUB(x)
+#endif
+
+#define SEC_ASN1_CHOOSER_DECLARE(x) \
+extern SEC_ASN1TemplateChooser NSS_Get_##x;
+
+#define SEC_ASN1_CHOOSER_IMPLEMENT(x) \
+const SEC_ASN1Template * NSS_Get_##x(void * arg, PRBool enc) \
+{ return x; }
 /*
 ** Opaque object used by the decoder to store state.
diff --git a/security/nss/lib/util/secasn1u.c b/security/nss/lib/util/secasn1u.c
index ea068893b..83673ca0b 100644
--- a/security/nss/lib/util/secasn1u.c
+++ b/security/nss/lib/util/secasn1u.c
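Review bot: `SEC_ASN1_XTRN` and `SEC_ASN1_SUB(x)` in the new `_WIN32` block only work as a pair, and nothing in the header says so or enforces it. On Windows `SEC_ASN1_XTRN` is `SEC_ASN1_DYNAMIC`, so `SEC_ASN1GetSubtemplate` (changed in secasn1u.c in this commit) reads `sub` as a pointer to a chooser pointer and calls through it; a template entry that sets the flag but passes a bare template, or the reverse, compiles cleanly where the macros are `0` and identity and goes wrong only in the Windows build. I would add a comment above the block such as `/* An entry that uses SEC_ASN1_SUB(x) must also OR in SEC_ASN1_XTRN, and SEC_ASN1_MKSUB(x) must appear earlier in the same file. */`, and parenthesize the expansion as `#define SEC_ASN1_SUB(x) (&p_NSS_Get_##x)`. Removing the `SEC_ChooseASN1TemplateFunc` typedef also breaks any code outside this diff that names it; `typedef SEC_ASN1TemplateChooserPtr SEC_ChooseASN1TemplateFunc;` would keep the old name valid.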
@@ -85,22 +85,22 @@ const SEC_ASN1Template *
 SEC_ASN1GetSubtemplate (const SEC_ASN1Template *theTemplate, void *thing, PRBool encoding)
 {
- const SEC_ASN1Template *subt;
+ const SEC_ASN1Template *subt = NULL;
 PORT_Assert (theTemplate->sub != NULL);
- if (theTemplate->kind & SEC_ASN1_DYNAMIC) {
- SEC_ChooseASN1TemplateFunc chooser, *chooserp;
+ if (theTemplate->sub != NULL) {
+ if (theTemplate->kind & SEC_ASN1_DYNAMIC) {
+ SEC_ASN1TemplateChooserPtr chooserp;
- chooserp = (SEC_ChooseASN1TemplateFunc *) theTemplate->sub;
- if (chooserp == NULL || *chooserp == NULL)
- return NULL;
- chooser = *chooserp;
- if (thing != NULL)
- thing = (char *)thing - theTemplate->offset;
- subt = (* chooser)(thing, encoding);
- } else {
- subt = (SEC_ASN1Template*)theTemplate->sub;
+ chooserp = *(SEC_ASN1TemplateChooserPtr *) theTemplate->sub;
+ if (chooserp) {
+ if (thing != NULL)
+ thing = (char *)thing - theTemplate->offset;
+ subt = (* chooserp)(thing, encoding);
+ }
+ } else {
+ subt = (SEC_ASN1Template*)theTemplate->sub;
+ }
 }
-
 return subt;
 }
diff --git a/security/nss/lib/util/secdig.c b/security/nss/lib/util/secdig.c
index 020829b84..056068222 100644
--- a/security/nss/lib/util/secdig.c
+++ b/security/nss/lib/util/secdig.c
@@ -66,6 +66,8 @@ const SEC_ASN1Template sgn_DigestInfoTemplate[] = {
 { 0 }
 };
+SEC_ASN1_CHOOSER_IMPLEMENT(sgn_DigestInfoTemplate)
+
 /*
 * XXX Want to have a SGN_DecodeDigestInfo, like:
 * SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata);
diff --git a/security/nss/lib/util/secdig.h b/security/nss/lib/util/secdig.h
index bd2703f65..2b0fb2740 100644
--- a/security/nss/lib/util/secdig.h
+++ b/security/nss/lib/util/secdig.h
@@ -46,6 +46,9 @@ extern const SEC_ASN1Template sgn_DigestInfoTemplate[];
+
+SEC_ASN1_CHOOSER_DECLARE(sgn_DigestInfoTemplate)
+
 extern DERTemplate SGNDigestInfoTemplate[];
diff --git a/security/nss/lib/util/secoid.h b/security/nss/lib/util/secoid.h
index 9f8c7b11c..cd17d7c66 100644
--- a/security/nss/lib/util/secoid.h
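Review bot: The non-dynamic branch of `SEC_ASN1GetSubtemplate` in secasn1u.c still casts with `(SEC_ASN1Template*)theTemplate->sub`, dropping `const` only to assign to a `const SEC_ASN1Template *`; `subt = (const SEC_ASN1Template *)theTemplate->sub;` says what is meant. The function now returns NULL in release builds when `sub` or the chooser pointer is NULL, where the first case was previously covered only by `PORT_Assert`, so it deserves a header comment such as `/* Returns NULL if the entry has no subtemplate or no chooser; callers must treat that as an error. */`. The callers are outside this hunk, so whether each of them checks for NULL before using the result could not be confirmed from here.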
+++ b/security/nss/lib/util/secoid.h
@@ -47,6 +47,9 @@ extern const SEC_ASN1Template SECOID_AlgorithmIDTemplate[];
+/* This functions simply returns the address of the above-declared template. */
+SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate)
+
 SEC_BEGIN_PROTOS
 /* |
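Review bot: `SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate)` is added before `SEC_BEGIN_PROTOS` in secoid.h, so the function declaration it expands to sits outside the block that, as far as I know, opens `extern "C"` for C++ includers. A C++ translation unit that includes this header and uses `SEC_ASN1_GET(SECOID_AlgorithmIDTemplate)` in a Windows build would then reference a C++-mangled `NSS_Get_SECOID_AlgorithmIDTemplate` that the C definition in secalgid.c does not provide. Moving the line below `SEC_BEGIN_PROTOS` avoids that, and the same placement is worth checking in secasn1.h and secdig.h, where the prototype guards are not visible. The comment should also read `/* This function simply returns the address of the above-declared template. */`.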