From 5a8bdcb339d2849a870432cb35e6f637db07edd6 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Tue, 12 Oct 2010 18:39:10 -0400
Subject: [PATCH 051/150] - encapsulate the raw oid data just a bit

---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 103 ++++++++++++------------
 1 files changed, 52 insertions(+), 51 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index d156f5d..279715d 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -401,27 +401,27 @@ static SECItem pkinit_nt_upn = {
 .data = oid_pkinit_name_type_upn_bytes,
 .len = 10,
 };
-static unsigned char oid_pkinit_auth_data_bytes[] =
- {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x01};
-static SECOidData
-oid_pkinit_auth_data = {
- .oid = {
- .data = oid_pkinit_auth_data_bytes,
- .len = 7,
- },
- .offset = 0,
- .desc = "PKINIT Client Authentication Data",
- .mechanism = CKM_INVALID_MECHANISM,
- .supportedExtension = UNSUPPORTED_CERT_EXTENSION,
-};
+
 static SECOidTag
 get_pkinit_data_auth_data_tag(void)
 {
- static SECOidTag tag = SEC_OID_UNKNOWN;
- if (tag == SEC_OID_UNKNOWN) {
- tag = SECOID_AddEntry(&oid_pkinit_auth_data);
+ static unsigned char oid_pkinit_auth_data_bytes[] =
+ {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x01};
+ static SECOidData oid_pkinit_auth_data = {
+ .oid = {
+ .data = oid_pkinit_auth_data_bytes,
+ .len = 7,
+ },
+ .offset = SEC_OID_UNKNOWN,
+ .desc = "PKINIT Client Authentication Data",
+ .mechanism = CKM_INVALID_MECHANISM,
+ .supportedExtension = UNSUPPORTED_CERT_EXTENSION,
+ };
+ if (oid_pkinit_auth_data.offset == SEC_OID_UNKNOWN) {
+ oid_pkinit_auth_data.offset =
+ SECOID_AddEntry(&oid_pkinit_auth_data);
 }
- return tag;
+ return oid_pkinit_auth_data.offset;
 }

 struct wrapped_data {
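Review bot: The lazy registration in get_pkinit_data_auth_data_tag() is an unsynchronised check-then-set on function-static state: `if (oid_pkinit_auth_data.offset == SEC_OID_UNKNOWN)` is followed by a write to `.offset`, and no lock is visible in the hunk. If the plugin can be entered from more than one thread, that is a data race on `.offset`, and the same pattern is repeated in get_pkinit_data_rkey_data_tag() and get_pkinit_data_dhkey_data_tag() in the next hunk. The cached tag also persists for the life of the process, so it is worth confirming that a dynamically registered tag stays valid if NSS is shut down and re-initialised. At minimum I would state the assumptions above each getter, e.g. `/* Registers the OID on first use; not thread-safe, and returns SEC_OID_UNKNOWN if SECOID_AddEntry() fails. */`.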
@@ -446,50 +446,50 @@ wrapped_data_template[] = {
 {0, 0, NULL, 0},
 };

-static unsigned char oid_pkinit_rkey_data_bytes[] =
- {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x03};
-static SECOidData
-oid_pkinit_rkey_data = {
- .oid = {
- .data = oid_pkinit_rkey_data_bytes,
- .len = 7,
- },
- .offset = 0,
- .desc = "PKINIT Reply Key Data",
- .mechanism = CKM_INVALID_MECHANISM,
- .supportedExtension = UNSUPPORTED_CERT_EXTENSION,
-};
 static SECOidTag
 get_pkinit_data_rkey_data_tag(void)
 {
- static SECOidTag tag = SEC_OID_UNKNOWN;
- if (tag == SEC_OID_UNKNOWN) {
- tag = SECOID_AddEntry(&oid_pkinit_rkey_data);
+ static unsigned char oid_pkinit_rkey_data_bytes[] =
+ {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x03};
+ static SECOidData
+ oid_pkinit_rkey_data = {
+ .oid = {
+ .data = oid_pkinit_rkey_data_bytes,
+ .len = 7,
+ },
+ .offset = SEC_OID_UNKNOWN,
+ .desc = "PKINIT Reply Key Data",
+ .mechanism = CKM_INVALID_MECHANISM,
+ .supportedExtension = UNSUPPORTED_CERT_EXTENSION,
+ };
+ if (oid_pkinit_rkey_data.offset == SEC_OID_UNKNOWN) {
+ oid_pkinit_rkey_data.offset =
+ SECOID_AddEntry(&oid_pkinit_rkey_data);
 }
- return tag;
+ return oid_pkinit_rkey_data.offset;
 }

-static unsigned char oid_pkinit_dhkey_data_bytes[] =
- {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x02};
-static SECOidData
-oid_pkinit_dhkey_data = {
- .oid = {
- .data = oid_pkinit_dhkey_data_bytes,
- .len = 7,
- },
- .offset = 0,
- .desc = "PKINIT DH Reply Key Data",
- .mechanism = CKM_INVALID_MECHANISM,
- .supportedExtension = UNSUPPORTED_CERT_EXTENSION,
-};
 static SECOidTag
 get_pkinit_data_dhkey_data_tag(void)
 {
- static SECOidTag tag = SEC_OID_UNKNOWN;
- if (tag == SEC_OID_UNKNOWN) {
- tag = SECOID_AddEntry(&oid_pkinit_dhkey_data);
+ static unsigned char oid_pkinit_dhkey_data_bytes[] =
+ {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x02};
+ static SECOidData
+ oid_pkinit_dhkey_data = {
+ .oid = {
+ .data = oid_pkinit_dhkey_data_bytes,
+ .len = 7,
+ },
+ .offset = SEC_OID_UNKNOWN,
+ .desc = "PKINIT DH Reply Key Data",
+ .mechanism = CKM_INVALID_MECHANISM,
+ .supportedExtension = UNSUPPORTED_CERT_EXTENSION,
+ };
+ if (oid_pkinit_dhkey_data.offset == SEC_OID_UNKNOWN) {
+ oid_pkinit_dhkey_data.offset =
+ SECOID_AddEntry(&oid_pkinit_dhkey_data);
 }
- return tag;
+ return oid_pkinit_dhkey_data.offset;
 }

 static SECItem *
@@ -3293,6 +3293,7 @@ crypto_signeddata_common_verify(krb5_context context,
 PR_LANGUAGE_I_DEFAULT));
 return ENOMEM; /* FIXME: better error? */
 }
+ pkiDebug("%s: signer verify passed\n", __FUNCTION__);
 /* Pull out the payload. */
 ecinfo = NSS_CMSSignedData_GetContentInfo(sdata);
 if (ecinfo == NULL) {
-- 
1.7.6.4
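Review bot: `.len = 7` in the rkey and dhkey initialisers (and in the auth_data one in the first hunk) repeats the array size as a literal, so an edit to the OID bytes that forgets the count would leave the SECItem describing more or fewer bytes than the array holds. With the array now declared directly above its user, `.len = sizeof(oid_pkinit_rkey_data_bytes),` is a constant expression that keeps the two in step, and likewise for the other two arrays. The three getters also differ only in the last OID byte and the description string, so a single helper taking a `SECOidData *` would remove the triplicated register-and-cache logic.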
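Review bot: `__FUNCTION__` in the added pkiDebug() call is a compiler extension; unless the rest of the file already uses it consistently, the standard C99 spelling is the portable choice: `pkiDebug("%s: signer verify passed\n", __func__);`. The message also asserts that verification passed, while the hunk shows only that the preceding error branch was not taken. The verification call itself is above the hunk, so it is worth confirming that no later check in crypto_signeddata_common_verify() can still reject the signer, otherwise the trace is misleading when read during troubleshooting or incident analysis. The function body starts and ends outside the hunk.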