bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc
authorDavid Keeler <dkeeler@mozilla.com>
Thu, 08 May 2014 15:33:38 -0700
changeset 182470 7176ac3db029ec2b533736d31fe253989574b341
parent 182469 7a515c1d5a21162e24b17b8d418539603597bbab
child 182471 e9cfc11a722d6103570ec24161ec45101359b057
push id26764
push usercbook@mozilla.com
push dateMon, 12 May 2014 11:35:17 +0000
reviewersmmc
bugs1007962
milestone32.0a1
bug 1007962 - CreateEncodedCertificate should take a SECItem as its serialNumber argument r=mmc
security/pkix/test/lib/pkixtestutil.cpp
security/pkix/test/lib/pkixtestutil.h
--- a/security/pkix/test/lib/pkixtestutil.cpp
+++ b/security/pkix/test/lib/pkixtestutil.cpp
@@ -606,29 +606,29 @@ GenerateKeyPair(/*out*/ ScopedSECKEYPubl
   return SECSuccess;
 }
 
 
 ///////////////////////////////////////////////////////////////////////////////
 // Certificates
 
 static SECItem* TBSCertificate(PLArenaPool* arena, long version,
-                               long serialNumber, SECOidTag signature,
+                               SECItem* serialNumber, SECOidTag signature,
                                const SECItem* issuer, PRTime notBefore,
                                PRTime notAfter, const SECItem* subject,
                                const SECKEYPublicKey* subjectPublicKey,
                                /*optional*/ SECItem const* const* extensions);
 
 // Certificate  ::=  SEQUENCE  {
 //         tbsCertificate       TBSCertificate,
 //         signatureAlgorithm   AlgorithmIdentifier,
 //         signatureValue       BIT STRING  }
 SECItem*
 CreateEncodedCertificate(PLArenaPool* arena, long version,
-                         SECOidTag signature, long serialNumber,
+                         SECOidTag signature, SECItem* serialNumber,
                          const SECItem* issuerNameDER, PRTime notBefore,
                          PRTime notAfter, const SECItem* subjectNameDER,
                          /*optional*/ SECItem const* const* extensions,
                          /*optional*/ SECKEYPrivateKey* issuerPrivateKey,
                          SECOidTag signatureHashAlg,
                          /*out*/ ScopedSECKEYPrivateKey& privateKey)
 {
   PR_ASSERT(arena);
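Review bot: The new `serialNumber` parameter is a mutable `SECItem*` in both the TBSCertificate forward declaration and the CreateEncodedCertificate signature, while the neighbouring `issuer`/`issuerNameDER` and `subject`/`subjectNameDER` inputs are `const SECItem*`. Nothing visible in this patch writes through the pointer, so `const SECItem* serialNumber` would state the read-only contract and let callers pass a constant encoded serial without a cast; this assumes `output.Add` accepts a const pointer, which is not shown here. The same change would apply to the TBSCertificate definition in the next hunk and to the declaration in pkixtestutil.h. CreateEncodedCertificate's body continues outside this hunk.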
@@ -669,17 +669,17 @@ CreateEncodedCertificate(PLArenaPool* ar
 //      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 //                           -- If present, version MUST be v2 or v3
 //      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
 //                           -- If present, version MUST be v2 or v3
 //      extensions      [3]  Extensions OPTIONAL
 //                           -- If present, version MUST be v3 --  }
 static SECItem*
 TBSCertificate(PLArenaPool* arena, long versionValue,
-               long serialNumberValue, SECOidTag signatureOidTag,
+               SECItem* serialNumber, SECOidTag signatureOidTag,
                const SECItem* issuer, PRTime notBeforeTime,
                PRTime notAfterTime, const SECItem* subject,
                const SECKEYPublicKey* subjectPublicKey,
                /*optional*/ SECItem const* const* extensions)
 {
   PR_ASSERT(arena);
   PR_ASSERT(issuer);
   PR_ASSERT(subject);
@@ -702,20 +702,16 @@ TBSCertificate(PLArenaPool* arena, long 
     if (!version) {
       return nullptr;
     }
     if (output.Add(version) != der::Success) {
       return nullptr;
     }
   }
 
-  SECItem* serialNumber(Integer(arena, serialNumberValue));
-  if (!serialNumber) {
-    return nullptr;
-  }
   if (output.Add(serialNumber) != der::Success) {
     return nullptr;
   }
 
   SECItem* signature(AlgorithmIdentifier(arena, signatureOidTag));
   if (!signature) {
     return nullptr;
   }
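Review bot: With the `Integer(arena, serialNumberValue)` call gone, the null check that guarded `output.Add(serialNumber)` went with it, so a null pointer from the caller now reaches `output.Add` unchecked. The asserts at the top of TBSCertificate cover `arena`, `issuer` and `subject` but not `serialNumber`, and how `Add` treats a null item is not visible in this patch. Keeping `if (!serialNumber) { return nullptr; }` before the `Add` call, or adding `PR_ASSERT(serialNumber);` beside the existing asserts, would preserve the earlier failure mode. TBSCertificate's body starts and ends outside this hunk.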
--- a/security/pkix/test/lib/pkixtestutil.h
+++ b/security/pkix/test/lib/pkixtestutil.h
@@ -55,28 +55,30 @@ extern const PRTime ONE_DAY;
 SECStatus GenerateKeyPair(/*out*/ ScopedSECKEYPublicKey& publicKey,
                           /*out*/ ScopedSECKEYPrivateKey& privateKey);
 
 ///////////////////////////////////////////////////////////////////////////////
 // Encode Certificates
 
 enum Version { v1 = 0, v2 = 1, v3 = 2 };
 
+// serialNumber is assumed to be the DER encoding of an INTEGER.
+//
 // If extensions is null, then no extensions will be encoded. Otherwise,
 // extensions must point to a null-terminated array of SECItem*. If the first
 // item of the array is null then an empty Extensions sequence will be encoded.
 //
 // If issuerPrivateKey is null, then the certificate will be self-signed.
 // Parameter order is based on the order of the attributes of the certificate
 // in RFC 5280.
 //
 // The return value, if non-null, is owned by the arena in the context and
 // MUST NOT be freed.
 SECItem* CreateEncodedCertificate(PLArenaPool* arena, long version,
-                                  SECOidTag signature, long serialNumber,
+                                  SECOidTag signature, SECItem* serialNumber,
                                   const SECItem* issuerNameDER,
                                   PRTime notBefore, PRTime notAfter,
                                   const SECItem* subjectNameDER,
                      /*optional*/ SECItem const* const* extensions,
                      /*optional*/ SECKEYPrivateKey* issuerPrivateKey,
                                   SECOidTag signatureHashAlg,
                           /*out*/ ScopedSECKEYPrivateKey& privateKey);
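Review bot: The added comment says serialNumber is "assumed" to be the DER encoding of an INTEGER, but it does not say what happens when it is not, or whether null is allowed. In the .cpp hunks the item is handed straight to `output.Add` with no parsing, so a malformed or non-INTEGER item would presumably be embedded in the certificate unchanged. If that is intended, so that tests can present unusual serial numbers to the code under test, the comment should say so, for example `// serialNumber must be non-null and must be the complete DER encoding of an INTEGER (tag, length and value); it is not validated.`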