--- /dev/null
+/*
+ * Copyright (c) 2003,2011-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+/*
+ * clNameUtils.cpp - support for Name, GeneralizedName, all sorts of names
+ */
+
+#include "clNameUtils.h"
+#include "clNssUtils.h"
+#include "cldebugging.h"
+#include <security_utilities/utilities.h>
+
+#pragma mark ----- NSS_Name <--> CSSM_X509_NAME -----
+
+/*
+ * NSS_ATV --> CSSM_X509_TYPE_VALUE_PAIR
+ */
+static
+void CL_nssAtvToCssm(
+ const NSS_ATV &nssObj,
+ CSSM_X509_TYPE_VALUE_PAIR &cssmObj,
+ Allocator &alloc)
+{
+ /* tag and decoded data */
+ cssmObj.valueType = nssObj.value.tag;
+ clAllocCopyData(alloc, nssObj.value.item, cssmObj.value);
+ /* the OID */
+ clAllocCopyData(alloc, nssObj.type, cssmObj.type);
+}
+
+/* NSS_RDN --> CSSM_X509_RDN */
+void CL_nssRdnToCssm(
+ const NSS_RDN &nssObj,
+ CSSM_X509_RDN &cssmObj,
+ Allocator &alloc,
+ SecNssCoder &coder) // conversion requires further decoding
+{
+ memset(&cssmObj, 0, sizeof(cssmObj));
+ unsigned numAtvs = clNssArraySize((const void **)nssObj.atvs);
+ if(numAtvs == 0) {
+ return;
+ }
+
+ size_t len = numAtvs * sizeof(CSSM_X509_TYPE_VALUE_PAIR);
+ cssmObj.AttributeTypeAndValue =
+ (CSSM_X509_TYPE_VALUE_PAIR_PTR)alloc.malloc(len);
+ cssmObj.numberOfPairs = numAtvs;
+ CSSM_X509_TYPE_VALUE_PAIR_PTR cssmAtvs = cssmObj.AttributeTypeAndValue;
+ memset(cssmAtvs, 0, len);
+
+ for(unsigned dex=0; dex<numAtvs; dex++) {
+ CL_nssAtvToCssm(*(nssObj.atvs[dex]), cssmAtvs[dex], alloc);
+ }
+ return;
+}
+
+/* NSS_Name --> CSSM_X509_NAME */
+void CL_nssNameToCssm(
+ const NSS_Name &nssObj,
+ CSSM_X509_NAME &cssmObj,
+ Allocator &alloc)
+{
+ memset(&cssmObj, 0, sizeof(cssmObj));
+ unsigned numRdns = clNssArraySize((const void **)nssObj.rdns);
+ if(numRdns == 0) {
+ /* not technically an error */
+ return;
+ }
+
+ size_t len = numRdns * sizeof(CSSM_X509_RDN);
+ cssmObj.RelativeDistinguishedName = (CSSM_X509_RDN_PTR)alloc.malloc(len);
+ cssmObj.numberOfRDNs = numRdns;
+ CSSM_X509_RDN_PTR cssmRdns = cssmObj.RelativeDistinguishedName;
+ memset(cssmRdns, 0, len);
+
+ SecNssCoder coder; // conversion requires further decoding
+
+ for(unsigned dex=0; dex<numRdns; dex++) {
+ CL_nssRdnToCssm(*(nssObj.rdns[dex]), cssmRdns[dex], alloc, coder);
+ }
+ return;
+}
+
+/*
+ * CSSM_X509_TYPE_VALUE_PAIR --> NSS_ATV
+ */
+void CL_cssmAtvToNss(
+ const CSSM_X509_TYPE_VALUE_PAIR &cssmObj,
+ NSS_ATV &nssObj,
+ SecNssCoder &coder)
+{
+ memset(&nssObj, 0, sizeof(nssObj));
+
+ /* copy the OID */
+ coder.allocCopyItem(cssmObj.type, nssObj.type);
+
+ /* tag and value */
+ nssObj.value.tag = cssmObj.valueType;
+ coder.allocCopyItem(cssmObj.value, nssObj.value.item);
+}
+
+/* CSSM_X509_RDN --> NSS_RDN */
+void CL_cssmRdnToNss(
+ const CSSM_X509_RDN &cssmObj,
+ NSS_RDN &nssObj,
+ SecNssCoder &coder)
+{
+ memset(&nssObj, 0, sizeof(nssObj));
+
+ /* alloc NULL-terminated array of ATV pointers */
+ unsigned numAtvs = cssmObj.numberOfPairs;
+ unsigned size = (numAtvs + 1) * sizeof(void *);
+ nssObj.atvs = (NSS_ATV **)coder.malloc(size);
+ memset(nssObj.atvs, 0, size);
+
+ /* grind thru the elements */
+ for(unsigned atvDex=0; atvDex<numAtvs; atvDex++) {
+ nssObj.atvs[atvDex] = (NSS_ATV *)coder.malloc(sizeof(NSS_ATV));
+ CL_cssmAtvToNss(cssmObj.AttributeTypeAndValue[atvDex],
+ *nssObj.atvs[atvDex], coder);
+ }
+}
+
+/* CSSM_X509_NAME --> NSS_Name */
+void CL_cssmNameToNss(
+ const CSSM_X509_NAME &cssmObj,
+ NSS_Name &nssObj,
+ SecNssCoder &coder)
+{
+ memset(&nssObj, 0, sizeof(nssObj));
+
+ /* alloc NULL-terminated array of RDN pointers */
+ unsigned numRdns = cssmObj.numberOfRDNs;
+ nssObj.rdns = (NSS_RDN **)clNssNullArray(numRdns, coder);
+
+ /* grind thru the elements */
+ for(unsigned rdnDex=0; rdnDex<numRdns; rdnDex++) {
+ nssObj.rdns[rdnDex] = (NSS_RDN *)coder.malloc(sizeof(NSS_RDN));
+ CL_cssmRdnToNss(cssmObj.RelativeDistinguishedName[rdnDex],
+ *nssObj.rdns[rdnDex], coder);
+ }
+}
+
+#pragma mark ----- Name Normalization -----
+
+void CL_normalizeString(
+ char *strPtr,
+ int &strLen) // IN/OUT
+{
+ char *pCh = strPtr; // working ptr
+ char *pD = pCh; // start of good string chars
+ char *pEos = pCh + strLen - 1;
+
+ if(strLen == 0) {
+ return;
+ }
+
+ /* adjust if Length included NULL terminator */
+ while(*pEos == 0) {
+ pEos--;
+ }
+
+ /* Remove trailing spaces */
+ while(isspace(*pEos)) {
+ pEos--;
+ }
+
+ /* Point to one past last non-space character */
+ pEos++;
+
+ /* upper case */
+ while(pCh < pEos) {
+ *pCh = toupper(*pCh);
+ pCh++;
+ }
+
+ /* clean out whitespace */
+ /*
+ * 1. skip all leading whitespace
+ */
+ pCh = pD;
+ while(isspace(*pCh) && (pCh < pEos)) {
+ pCh++;
+ }
+
+ /*
+ * 2. eliminate multiple whitespace.
+ * pCh points to first non-white char.
+ * pD still points to start of string
+ */
+ char ch;
+ while(pCh < pEos) {
+ ch = *pCh++;
+ *pD++ = ch; // normal case
+ if( isspace(ch) ){
+ /* skip 'til next nonwhite */
+ while(isspace(*pCh) && (pCh < pEos)) {
+ pCh++;
+ }
+ }
+ };
+
+ strLen = (int)(pD - strPtr);
+}
+
+/*
+ * Normalize an RDN. Per RFC2459 (4.1.2.4), printable strings are case
+ * insensitive and we're supposed to ignore leading and trailing
+ * whitespace, and collapse multiple whitespace characters into one.
+ *
+ * Incoming NSS_Name is assumed to be entirely within specifed coder's
+ * address space; we'll be munging some of that and possibly replacing
+ * some pointers with others allocated from the same space.
+ */
+void CL_normalizeX509NameNSS(
+ NSS_Name &nssName,
+ SecNssCoder &coder)
+{
+ unsigned numRdns = clNssArraySize((const void **)nssName.rdns);
+ if(numRdns == 0) {
+ /* not technically an error */
+ return;
+ }
+
+ for(unsigned rdnDex=0; rdnDex<numRdns; rdnDex++) {
+ NSS_RDN *rdn = nssName.rdns[rdnDex];
+ assert(rdn != NULL);
+ unsigned numAttrs = clNssArraySize((const void **)rdn->atvs);
+ if(numAttrs == 0) {
+ clFieldLog("clNormalizeX509Name: zero numAttrs at index %d", rdnDex);
+ continue;
+ }
+
+ /* descend into array of attribute/values */
+ for(unsigned attrDex=0; attrDex<numAttrs; attrDex++) {
+ NSS_ATV *attr = rdn->atvs[attrDex];
+ assert(attr != NULL);
+
+ /*
+ * attr->value is an ASN_ANY containing an encoded
+ * string. We only normalize Prinatable String types.
+ * If we find one, decode it, normalize it, encode the
+ * result, and put the encoding back in attr->value.
+ * We temporarily "leak" the original string, which only
+ * has a lifetime of the incoming SecNssCoder.
+ */
+ NSS_TaggedItem &attrVal = attr->value;
+ if(attrVal.tag != SEC_ASN1_PRINTABLE_STRING) {
+ /* skip it */
+ continue;
+ }
+
+ /* normalize */
+ char *strPtr = (char *)attrVal.item.Data;
+ int newLen = (int)attrVal.item.Length;
+ CL_normalizeString(strPtr, newLen);
+
+ /* possible length adjustment */
+ attrVal.item.Length = newLen;
+ } /* for each attribute/value */
+ } /* for each RDN */
+}
+
+#pragma mark ----- CE_GeneralNames <--> NSS_GeneralNames -----
+
+void CL_nssGeneralNameToCssm(
+ NSS_GeneralName &nssObj,
+ CE_GeneralName &cdsaObj,
+ SecNssCoder &coder, // for temp decoding
+ Allocator &alloc) // destination
+{
+ memset(&cdsaObj, 0, sizeof(cdsaObj));
+ PRErrorCode prtn;
+
+ /* for caller's CE_GeneralName */
+ CSSM_BOOL berEncoded = CSSM_FALSE;
+ CE_GeneralNameType cdsaTag;
+
+ /*
+ * At this point, depending on the decoded object's tag, we either
+ * have the final bytes to copy out, or we need to decode further.
+ * After this switch, if doCopy is true, give the caller a copy
+ * of nssObj.item.
+ */
+ bool doCopy = true;
+ switch(nssObj.tag) {
+ case NGT_OtherName: // ASN_ANY -> CE_OtherName
+ {
+ cdsaTag = GNT_OtherName;
+
+ /* decode to coder memory */
+ CE_OtherName *nssOther =
+ (CE_OtherName *)coder.malloc(sizeof(CE_OtherName));
+ memset(nssOther, 0, sizeof(CE_OtherName));
+ prtn = coder.decodeItem(nssObj.item,
+ kSecAsn1GenNameOtherNameTemplate,
+ nssOther);
+ if(prtn) {
+ clErrorLog("CL_nssGeneralNameToCssm: error decoding "
+ "OtherName\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+
+ /* copy out to caller */
+ clAllocData(alloc, cdsaObj.name, sizeof(CE_OtherName));
+ clCopyOtherName(*nssOther, *((CE_OtherName *)cdsaObj.name.Data),
+ alloc);
+ doCopy = false;
+ break;
+ }
+ case NGT_RFC822Name: // IA5String, done
+ cdsaTag = GNT_RFC822Name;
+ break;
+ case NGT_DNSName: // IA5String
+ cdsaTag = GNT_DNSName;
+ break;
+ case NGT_X400Address: // ASY_ANY, leave alone
+ cdsaTag = GNT_X400Address;
+ berEncoded = CSSM_TRUE;
+ break;
+ case NGT_DirectoryName: // ASN_ANY --> NSS_Name
+ {
+ cdsaTag = GNT_DirectoryName;
+
+ /* Decode to coder memory */
+ NSS_Name *nssName = (NSS_Name *)coder.malloc(sizeof(NSS_Name));
+ memset(nssName, 0, sizeof(NSS_Name));
+ prtn = coder.decodeItem(nssObj.item, kSecAsn1NameTemplate, nssName);
+ if(prtn) {
+ clErrorLog("CL_nssGeneralNameToCssm: error decoding "
+ "NSS_Name\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+
+ /* convert & copy out to caller */
+ clAllocData(alloc, cdsaObj.name, sizeof(CSSM_X509_NAME));
+ CL_nssNameToCssm(*nssName,
+ *((CSSM_X509_NAME *)cdsaObj.name.Data), alloc);
+ doCopy = false;
+ break;
+ }
+ case NGT_EdiPartyName: // ASN_ANY, leave alone
+ cdsaTag = GNT_EdiPartyName;
+ berEncoded = CSSM_TRUE;
+ break;
+ case NGT_URI: // IA5String
+ cdsaTag = GNT_URI;
+ break;
+ case NGT_IPAddress: // OCTET_STRING
+ cdsaTag = GNT_IPAddress;
+ break;
+ case NGT_RegisteredID: // OID
+ cdsaTag = GNT_RegisteredID;
+ break;
+ default:
+ clErrorLog("CL_nssGeneralNameToCssm: bad name tag\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+
+ cdsaObj.nameType = cdsaTag;
+ cdsaObj.berEncoded = berEncoded;
+ if(doCopy) {
+ clAllocCopyData(alloc, nssObj.item, cdsaObj.name);
+ }
+}
+
+void CL_nssGeneralNamesToCssm(
+ const NSS_GeneralNames &nssObj,
+ CE_GeneralNames &cdsaObj,
+ SecNssCoder &coder, // for temp decoding
+ Allocator &alloc) // destination
+{
+ memset(&cdsaObj, 0, sizeof(cdsaObj));
+ unsigned numNames = clNssArraySize((const void **)nssObj.names);
+ if(numNames == 0) {
+ return;
+ }
+
+ /*
+ * Decode each name element, currently a raw ASN_ANY blob.
+ * Then convert each result into CDSA form.
+ * This array of (NSS_GeneralName)s is temporary, it doesn't
+ * persist outside of this routine other than the fact that it's
+ * mallocd by the coder arena pool.
+ */
+ NSS_GeneralName *names =
+ (NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames);
+ memset(names, 0, sizeof(NSS_GeneralName) * numNames);
+ cdsaObj.generalName = (CE_GeneralName *)alloc.malloc(
+ sizeof(CE_GeneralName) * numNames);
+ cdsaObj.numNames = numNames;
+
+ for(unsigned dex=0; dex<numNames; dex++) {
+ if(coder.decodeItem(*nssObj.names[dex], kSecAsn1GeneralNameTemplate,
+ &names[dex])) {
+ clErrorLog("***CL_nssGeneralNamesToCssm: Error decoding "
+ "General.name\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+
+ CL_nssGeneralNameToCssm(names[dex],
+ cdsaObj.generalName[dex],
+ coder, alloc);
+ }
+}
+
+void CL_cssmGeneralNameToNss(
+ CE_GeneralName &cdsaObj,
+ NSS_GeneralName &nssObj, // actually an NSSTaggedItem
+ SecNssCoder &coder) // for temp decoding
+{
+ memset(&nssObj, 0, sizeof(nssObj));
+
+ /*
+ * The default here is just to use the app-supplied data as is...
+ */
+ nssObj.item = cdsaObj.name;
+ unsigned char itemTag; // for nssObj.tag
+ bool doCopy = false; // unless we have to modify tag byte
+ unsigned char overrideTag; // to force context-specific tag for
+ // an ASN_ANY
+ PRErrorCode prtn;
+
+ switch(cdsaObj.nameType) {
+ case GNT_OtherName:
+ /*
+ * Caller supplies an CE_OtherName. Encode it.
+ */
+ if((cdsaObj.name.Length != sizeof(CE_OtherName)) ||
+ (cdsaObj.name.Data == NULL)) {
+ clErrorLog("CL_cssmGeneralNameToNss: OtherName.Length"
+ " error\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+ prtn = coder.encodeItem(cdsaObj.name.Data,
+ kSecAsn1OtherNameTemplate, nssObj.item);
+ if(prtn) {
+ clErrorLog("CL_cssmGeneralNameToNss: OtherName encode"
+ " error\n");
+ CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
+ }
+ itemTag = NGT_OtherName;
+ break;
+ case GNT_RFC822Name: // IA5String
+ itemTag = NGT_RFC822Name;
+ break;
+ case GNT_DNSName: // IA5String
+ itemTag = NGT_DNSName;
+ break;
+ case GNT_X400Address: // caller's resposibility
+ /*
+ * Encoded as ASN_ANY, the only thing we do is to
+ * force the correct context-specific tag
+ */
+ itemTag = GNT_X400Address;
+ if(!cdsaObj.berEncoded) {
+ clErrorLog("CL_cssmGeneralNameToNss: X400Address must"
+ " be BER-encoded\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+ overrideTag = SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_CONSTRUCTED | NGT_X400Address;
+ doCopy = true;
+ break;
+ case GNT_DirectoryName:
+ {
+ /*
+ * Caller supplies an CSSM_X509_NAME. Convert to NSS
+ * format and encode it.
+ */
+ if((cdsaObj.name.Length != sizeof(CSSM_X509_NAME)) ||
+ (cdsaObj.name.Data == NULL)) {
+ clErrorLog("CL_cssmGeneralNameToNss: DirectoryName.Length"
+ " error\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+ NSS_Name nssName;
+ CSSM_X509_NAME_PTR cdsaName =
+ (CSSM_X509_NAME_PTR)cdsaObj.name.Data;
+ CL_cssmNameToNss(*cdsaName, nssName, coder);
+ prtn = coder.encodeItem(&nssName,
+ kSecAsn1NameTemplate, nssObj.item);
+ if(prtn) {
+ clErrorLog("CL_cssmGeneralNameToNss: X509Name encode"
+ " error\n");
+ CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
+ }
+ itemTag = GNT_DirectoryName;
+
+ /*
+ * AND, munge the tag to make it a context-specific
+ * sequence
+ * no, not needed, this is wrapped in an explicit...
+ */
+ //nssObj.item.Data[0] = SEC_ASN1_CONTEXT_SPECIFIC |
+ // SEC_ASN1_CONSTRUCTED | GNT_DirectoryName;
+
+ break;
+ }
+ case GNT_EdiPartyName: // caller's resposibility
+ /*
+ * Encoded as ASN_ANY, the only thing we do is to
+ * force the correct context-specific tag
+ */
+ itemTag = GNT_EdiPartyName;
+ if(!cdsaObj.berEncoded) {
+ clErrorLog("CL_cssmGeneralNameToNss: EdiPartyName must"
+ " be BER-encoded\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+ overrideTag = SEC_ASN1_CONTEXT_SPECIFIC | NGT_X400Address;
+ doCopy = true;
+ break;
+ case GNT_URI: // IA5String
+ itemTag = GNT_URI;
+ break;
+ case GNT_IPAddress: // OCTET_STRING
+ itemTag = NGT_IPAddress;
+ break;
+ case GNT_RegisteredID: // OID
+ itemTag = NGT_RegisteredID;
+ break;
+ default:
+ clErrorLog("CL_cssmGeneralNameToNss: bad name tag\n");
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG);
+ }
+ if(doCopy) {
+ coder.allocCopyItem(cdsaObj.name, nssObj.item);
+ nssObj.item.Data[0] = overrideTag;
+ }
+ nssObj.tag = itemTag;
+}
+
+void CL_cssmGeneralNamesToNss(
+ const CE_GeneralNames &cdsaObj,
+ NSS_GeneralNames &nssObj,
+ SecNssCoder &coder)
+{
+ uint32 numNames = cdsaObj.numNames;
+ nssObj.names = (CSSM_DATA **)clNssNullArray(numNames, coder);
+
+ /*
+ * Convert each element in cdsaObj to NSS form, encode, drop into
+ * the ASN_ANY array.
+ *
+ * This array of (NSS_GeneralName)s is temporary, it doesn't
+ * persist outside of this routine other than the fact that it's
+ * mallocd by the coder arena pool.
+ */
+ NSS_GeneralName *names =
+ (NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames);
+ memset(names, 0, sizeof(NSS_GeneralName) * numNames);
+ for(unsigned dex=0; dex<cdsaObj.numNames; dex++) {
+ nssObj.names[dex] = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
+ memset(nssObj.names[dex], 0, sizeof(CSSM_DATA));
+ CL_cssmGeneralNameToNss(cdsaObj.generalName[dex],
+ names[dex], coder);
+ if(coder.encodeItem(&names[dex], kSecAsn1GeneralNameTemplate,
+ *nssObj.names[dex])) {
+ clErrorLog("***Error encoding General.name\n");
+ CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
+ }
+ }
+}
+
+/* Copy a CE_OtherName */
+void clCopyOtherName(
+ const CE_OtherName &src,
+ CE_OtherName &dst,
+ Allocator &alloc)
+{
+ clAllocCopyData(alloc, src.typeId, dst.typeId);
+ clAllocCopyData(alloc, src.value, dst.value);
+}
+
+#pragma mark ----- Name-related Free -----
+
+void CL_freeAuthorityKeyId(
+ CE_AuthorityKeyID &cdsaObj,
+ Allocator &alloc)
+{
+ alloc.free(cdsaObj.keyIdentifier.Data);
+ CL_freeCssmGeneralNames(cdsaObj.generalNames, alloc);
+ alloc.free(cdsaObj.generalNames);
+ alloc.free(cdsaObj.serialNumber.Data);
+ memset(&cdsaObj, 0, sizeof(CE_AuthorityKeyID));
+}
+
+void CL_freeCssmGeneralName(
+ CE_GeneralName &genName,
+ Allocator &alloc)
+{
+ switch(genName.nameType) {
+ /*
+ * Two special cases here.
+ */
+ case GNT_DirectoryName:
+ if((!genName.berEncoded) && // we're flexible
+ (genName.name.Length ==
+ sizeof(CSSM_X509_NAME))) { // paranoia
+ CL_freeX509Name((CSSM_X509_NAME_PTR)genName.name.Data, alloc);
+ }
+ break;
+
+ case GNT_OtherName:
+ if((!genName.berEncoded) && // we're flexible
+ (genName.name.Length ==
+ sizeof(CE_OtherName))) { // paranoia
+ CE_OtherName *con = (CE_OtherName *)genName.name.Data;
+ CL_freeOtherName(con, alloc);
+ }
+ break;
+ default:
+ break;
+ }
+ /* and always free this */
+ alloc.free(genName.name.Data);
+}
+
+void CL_freeCssmGeneralNames(
+ CE_GeneralNames *cdsaObj,
+ Allocator &alloc)
+{
+ if(cdsaObj == NULL) {
+ return;
+ }
+ for(unsigned i=0; i<cdsaObj->numNames; i++) {
+ CL_freeCssmGeneralName(cdsaObj->generalName[i], alloc);
+ }
+ if(cdsaObj->numNames) {
+ memset(cdsaObj->generalName, 0, cdsaObj->numNames * sizeof(CE_GeneralName));
+ alloc.free(cdsaObj->generalName);
+ }
+ memset(cdsaObj, 0, sizeof(CE_GeneralNames));
+}
+
+void CL_freeCssmDistPointName(
+ CE_DistributionPointName *cssmDpn,
+ Allocator &alloc)
+{
+ if(cssmDpn == NULL) {
+ return;
+ }
+ switch(cssmDpn->nameType) {
+ case CE_CDNT_FullName:
+ CL_freeCssmGeneralNames(cssmDpn->dpn.fullName, alloc);
+ alloc.free(cssmDpn->dpn.fullName);
+ break;
+ case CE_CDNT_NameRelativeToCrlIssuer:
+ CL_freeX509Rdn(cssmDpn->dpn.rdn, alloc);
+ alloc.free(cssmDpn->dpn.rdn);
+ break;
+ }
+ memset(cssmDpn, 0, sizeof(*cssmDpn));
+}
+
+void CL_freeCssmDistPoints(
+ CE_CRLDistPointsSyntax *cssmDps,
+ Allocator &alloc)
+{
+ if(cssmDps == NULL) {
+ return;
+ }
+ for(unsigned dex=0; dex<cssmDps->numDistPoints; dex++) {
+ CE_CRLDistributionPoint *cssmDp = &cssmDps->distPoints[dex];
+ if(cssmDp->distPointName) {
+ CL_freeCssmDistPointName(cssmDp->distPointName, alloc);
+ alloc.free(cssmDp->distPointName);
+ }
+ if(cssmDp->crlIssuer) {
+ CL_freeCssmGeneralNames(cssmDp->crlIssuer, alloc);
+ alloc.free(cssmDp->crlIssuer);
+ }
+ }
+ memset(cssmDps->distPoints, 0,
+ cssmDps->numDistPoints * sizeof(CE_CRLDistributionPoint));
+ alloc.free(cssmDps->distPoints);
+ memset(cssmDps, 0, sizeof(*cssmDps));
+}
+
+/* free contents of an CSSM_X509_NAME */
+void CL_freeX509Name(
+ CSSM_X509_NAME_PTR x509Name,
+ Allocator &alloc)
+{
+ if(x509Name == NULL) {
+ return;
+ }
+ for(unsigned rdnDex=0; rdnDex<x509Name->numberOfRDNs; rdnDex++) {
+ CSSM_X509_RDN_PTR rdn = &x509Name->RelativeDistinguishedName[rdnDex];
+ CL_freeX509Rdn(rdn, alloc);
+ }
+ alloc.free(x509Name->RelativeDistinguishedName);
+ memset(x509Name, 0, sizeof(CSSM_X509_NAME));
+}
+
+void CL_freeX509Rdn(
+ CSSM_X509_RDN_PTR rdn,
+ Allocator &alloc)
+{
+ if(rdn == NULL) {
+ return;
+ }
+ for(unsigned atvDex=0; atvDex<rdn->numberOfPairs; atvDex++) {
+ CSSM_X509_TYPE_VALUE_PAIR_PTR atv =
+ &rdn->AttributeTypeAndValue[atvDex];
+ alloc.free(atv->type.Data);
+ alloc.free(atv->value.Data);
+ memset(atv, 0, sizeof(CSSM_X509_TYPE_VALUE_PAIR));
+ }
+ alloc.free(rdn->AttributeTypeAndValue);
+ memset(rdn, 0, sizeof(CSSM_X509_RDN));
+}
+
+void CL_freeOtherName(
+ CE_OtherName *cssmOther,
+ Allocator &alloc)
+{
+ if(cssmOther == NULL) {
+ return;
+ }
+ alloc.free(cssmOther->typeId.Data);
+ alloc.free(cssmOther->value.Data);
+ memset(cssmOther, 0, sizeof(*cssmOther));
+}
+
+void CL_freeCssmIssuingDistPoint(
+ CE_IssuingDistributionPoint *cssmIdp,
+ Allocator &alloc)
+{
+ CL_freeCssmDistPointName(cssmIdp->distPointName, alloc);
+}
+
projects / apple / security.git / blobdiff