Add m-esr52 at 52.6.0

1 files changed, 160 insertions, 0 deletions

diff --git a/security/nss/lib/certhigh/crlv2.c b/security/nss/lib/certhigh/crlv2.c
new file mode 100644
index 000000000..d58d4e083
--- /dev/null
+++ b/security/nss/lib/certhigh/crlv2.c
@@ -0,0 +1,160 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Code for dealing with x.509 v3 crl and crl entries extensions.
+ */
+
+#include "cert.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secoidt.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "certxutl.h"
+
+SECStatus
+CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
+{
+    return (cert_FindExtensionByOID(crl->extensions, oid, value));
+}
+
+SECStatus
+CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
+{
+    return (cert_FindExtension(crl->extensions, tag, value));
+}
+
+/* Callback to set extensions and adjust verison */
+static void
+SetCrlExts(void *object, CERTCertExtension **exts)
+{
+    CERTCrl *crl = (CERTCrl *)object;
+
+    crl->extensions = exts;
+    DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2);
+}
+
+void *
+CERT_StartCRLExtensions(CERTCrl *crl)
+{
+    return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts));
+}
+
+static void
+SetCrlEntryExts(void *object, CERTCertExtension **exts)
+{
+    CERTCrlEntry *crlEntry = (CERTCrlEntry *)object;
+
+    crlEntry->extensions = exts;
+}
+
+void *
+CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
+{
+    return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts));
+}
+
+SECStatus
+CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
+                        SECItem *value)
+{
+    SECItem encodedExtenValue;
+    SECItem *tmpItem = NULL;
+    SECStatus rv;
+    void *mark = NULL;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
+                            &encodedExtenValue);
+    if (rv != SECSuccess)
+        return (rv);
+
+    mark = PORT_ArenaMark(arena);
+
+    tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
+    if (tmpItem) {
+        rv = SEC_QuickDERDecodeItem(arena, value,
+                                    SEC_ASN1_GET(SEC_IntegerTemplate),
+                                    tmpItem);
+    } else {
+        rv = SECFailure;
+    }
+
+    PORT_Free(encodedExtenValue.data);
+    if (rv == SECFailure) {
+        PORT_ArenaRelease(arena, mark);
+    } else {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return (rv);
+}
+
+SECStatus
+CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
+                             CERTCRLEntryReasonCode *value)
+{
+    SECItem wrapperItem = { siBuffer, 0 };
+    SECItem tmpItem = { siBuffer, 0 };
+    SECStatus rv;
+    PLArenaPool *arena = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return (SECFailure);
+    }
+
+    rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
+                            &wrapperItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
+                                SEC_ASN1_GET(SEC_EnumeratedTemplate),
+                                &wrapperItem);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    *value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    if (wrapperItem.data) {
+        PORT_Free(wrapperItem.data);
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
+{
+    SECItem encodedExtenValue;
+    SECItem decodedExtenValue = { siBuffer, 0 };
+    SECStatus rv;
+
+    encodedExtenValue.data = decodedExtenValue.data = NULL;
+    encodedExtenValue.len = decodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
+    if (rv != SECSuccess)
+        return (rv);
+
+    rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
+                            SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+                            &encodedExtenValue);
+    if (rv == SECSuccess)
+        rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
+    PORT_Free(decodedExtenValue.data);
+    PORT_Free(encodedExtenValue.data);
+    return (rv);
+}