Bug 1061021, Part 8: Stop using PLArenaPool for CertID encoding, r=keeler
authorBrian Smith <brian@briansmith.org>
Sat, 30 Aug 2014 17:47:22 -0700
changeset 14679 cbd4132642d4c8df7359f071aa3d5243e002dac7
parent 14678 bc91f4793d5ad18741284d523d2a27d268be0951
child 14680 40b2079e912c7ef2246a663fe471099cec41bb14
push id3202
push userfranziskuskiefer@gmail.com
push dateMon, 01 Oct 2018 08:30:12 +0000
reviewerskeeler
bugs1061021
Bug 1061021, Part 8: Stop using PLArenaPool for CertID encoding, r=keeler
lib/mozpkix/test/lib/pkixtestutil.cpp
--- a/lib/mozpkix/test/lib/pkixtestutil.cpp
+++ b/lib/mozpkix/test/lib/pkixtestutil.cpp
@@ -248,17 +248,17 @@ OCSPResponseContext::OCSPResponseContext
 }
 
 static ByteString ResponseBytes(OCSPResponseContext& context);
 static ByteString BasicOCSPResponse(OCSPResponseContext& context);
 static SECItem* ResponseData(OCSPResponseContext& context);
 static ByteString ResponderID(OCSPResponseContext& context);
 static ByteString KeyHash(OCSPResponseContext& context);
 static SECItem* SingleResponse(OCSPResponseContext& context);
-static SECItem* CertID(OCSPResponseContext& context);
+static ByteString CertID(OCSPResponseContext& context);
 static ByteString CertStatus(OCSPResponseContext& context);
 
 static SECItem*
 EncodeNested(PLArenaPool* arena, uint8_t tag, const SECItem* inner)
 {
   Output output;
   if (output.Add(inner) != Success) {
     return nullptr;
@@ -1212,18 +1212,18 @@ KeyHash(OCSPResponseContext& context)
 //    certID                  CertID,
 //    certStatus              CertStatus,
 //    thisUpdate              GeneralizedTime,
 //    nextUpdate          [0] EXPLICIT GeneralizedTime OPTIONAL,
 //    singleExtensions    [1] EXPLICIT Extensions OPTIONAL }
 SECItem*
 SingleResponse(OCSPResponseContext& context)
 {
-  SECItem* certID = CertID(context);
-  if (!certID) {
+  ByteString certID(CertID(context));
+  if (certID == ENCODING_FAILED) {
     return nullptr;
   }
   ByteString certStatus(CertStatus(context));
   if (certStatus == ENCODING_FAILED) {
     return nullptr;
   }
   ByteString thisUpdateEncoded(TimeToGeneralizedTime(context.thisUpdate));
   if (thisUpdateEncoded == ENCODING_FAILED) {
@@ -1238,80 +1238,70 @@ SingleResponse(OCSPResponseContext& cont
     nextUpdateEncodedNested = TLV(der::CONSTRUCTED | der::CONTEXT_SPECIFIC | 0,
                                   nextUpdateEncoded);
     if (nextUpdateEncodedNested == ENCODING_FAILED) {
       return nullptr;
     }
   }
 
   Output output;
-  if (output.Add(certID) != Success) {
-    return nullptr;
-  }
+  output.Add(certID);
   output.Add(certStatus);
   output.Add(thisUpdateEncoded);
   if (!nextUpdateEncodedNested.empty()) {
     output.Add(nextUpdateEncodedNested);
   }
   return output.Squash(context.arena, der::SEQUENCE);
 }
 
 // CertID          ::=     SEQUENCE {
 //        hashAlgorithm       AlgorithmIdentifier,
 //        issuerNameHash      OCTET STRING, -- Hash of issuer's DN
 //        issuerKeyHash       OCTET STRING, -- Hash of issuer's public key
 //        serialNumber        CertificateSerialNumber }
-SECItem*
+ByteString
 CertID(OCSPResponseContext& context)
 {
   SECItem issuerSECItem = UnsafeMapInputToSECItem(context.certID.issuer);
   ByteString issuerNameHash(HashedOctetString(issuerSECItem));
   if (issuerNameHash == ENCODING_FAILED) {
-    return nullptr;
+    return ENCODING_FAILED;
   }
 
   SECItem issuerSubjectPublicKeyInfoSECItem =
     UnsafeMapInputToSECItem(context.certID.issuerSubjectPublicKeyInfo);
   ScopedPtr<CERTSubjectPublicKeyInfo, SECKEY_DestroySubjectPublicKeyInfo>
     spki(SECKEY_DecodeDERSubjectPublicKeyInfo(
            &issuerSubjectPublicKeyInfoSECItem));
   if (!spki) {
-    return nullptr;
+    return ENCODING_FAILED;
   }
   ByteString issuerKeyHash(KeyHashHelper(spki.get()));
   if (issuerKeyHash == ENCODING_FAILED) {
-    return nullptr;
+    return ENCODING_FAILED;
   }
 
   ByteString serialNumberValue(context.certID.serialNumber.UnsafeGetData(),
                                context.certID.serialNumber.GetLength());
   ByteString serialNumber(TLV(der::INTEGER, serialNumberValue));
   if (serialNumber == ENCODING_FAILED) {
-    return nullptr;
+    return ENCODING_FAILED;
   }
 
-  Output output;
-
   // python DottedOIDToCode.py --alg id-sha1 1.3.14.3.2.26
   static const uint8_t alg_id_sha1[] = {
     0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a
   };
-  static const SECItem id_sha1 = {
-    siBuffer,
-    const_cast<uint8_t*>(alg_id_sha1),
-    sizeof(alg_id_sha1)
-  };
 
-  if (output.Add(&id_sha1) != Success) {
-    return nullptr;
-  }
-  output.Add(issuerNameHash);
-  output.Add(issuerKeyHash);
-  output.Add(serialNumber);
-  return output.Squash(context.arena, der::SEQUENCE);
+  ByteString value;
+  value.append(alg_id_sha1, sizeof(alg_id_sha1));
+  value.append(issuerNameHash);
+  value.append(issuerKeyHash);
+  value.append(serialNumber);
+  return TLV(der::SEQUENCE, value);
 }
 
 // CertStatus ::= CHOICE {
 //    good                [0] IMPLICIT NULL,
 //    revoked             [1] IMPLICIT RevokedInfo,
 //    unknown             [2] IMPLICIT UnknownInfo }
 //
 // RevokedInfo ::= SEQUENCE {
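Review bot: In the rewritten CertID body, `value.append(alg_id_sha1, sizeof(alg_id_sha1));` appends the array without any wrapping while the other three fields come from encoder helpers, and no comment explains the difference. The bytes are already a complete DER AlgorithmIdentifier (0x30 0x07 SEQUENCE around the 0x06 0x05 id-sha1 OID, parameters absent), so a comment such as `// alg_id_sha1 is already a full AlgorithmIdentifier TLV; append it as-is` would keep a later edit from double-wrapping it. The ASN.1 header comment above CertID could also state the new contract, `// Returns the DER encoding of CertID, or ENCODING_FAILED on failure.`, because SingleResponse now compares the result against that sentinel instead of null. In SingleResponse the explicit `output.Add(certID) != Success` check is dropped; this matches the neighbouring unchecked `Add` calls, but presumably any failure now surfaces only through `Squash`, which is worth confirming against the `Output` class outside this hunk.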