From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- security/ct/CTUtils.h | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 security/ct/CTUtils.h (limited to 'security/ct/CTUtils.h') diff --git a/security/ct/CTUtils.h b/security/ct/CTUtils.h new file mode 100644 index 0000000000..68ddd927f0 --- /dev/null +++ b/security/ct/CTUtils.h @@ -0,0 +1,111 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CTUtils_h +#define CTUtils_h + +#include + +#include "cryptohi.h" +#include "keyhi.h" +#include "keythi.h" +#include "pk11pub.h" +#include "mozpkix/Input.h" +#include "mozpkix/Result.h" + +#define MOZILLA_CT_ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0])) + +struct DeleteHelper { + void operator()(CERTSubjectPublicKeyInfo* value) { + SECKEY_DestroySubjectPublicKeyInfo(value); + } + void operator()(PK11Context* value) { PK11_DestroyContext(value, true); } + void operator()(PK11SlotInfo* value) { PK11_FreeSlot(value); } + void operator()(SECKEYPublicKey* value) { SECKEY_DestroyPublicKey(value); } + void operator()(SECItem* value) { SECITEM_FreeItem(value, true); } +}; + +template +struct MaybeDeleteHelper { + void operator()(T* ptr) { + if (ptr) { + DeleteHelper del; + del(ptr); + } + } +}; + +typedef std::unique_ptr> + UniqueCERTSubjectPublicKeyInfo; +typedef std::unique_ptr> + UniquePK11Context; +typedef std::unique_ptr> + UniquePK11SlotInfo; +typedef std::unique_ptr> + UniqueSECKEYPublicKey; +typedef std::unique_ptr> UniqueSECItem; + +namespace mozilla { +namespace ct { + +// Reads a TLS-encoded variable length unsigned integer from |in|. +// The integer is expected to be in big-endian order, which is used by TLS. +// Note: does not check if the output parameter overflows while reading. +// |length| indicates the size (in bytes) of the serialized integer. +inline static pkix::Result UncheckedReadUint(size_t length, pkix::Reader& in, + uint64_t& out) { + uint64_t result = 0; + for (size_t i = 0; i < length; ++i) { + uint8_t value; + pkix::Result rv = in.Read(value); + if (rv != pkix::Success) { + return rv; + } + result = (result << 8) | value; + } + out = result; + return pkix::Success; +} + +// Performs overflow sanity checks and calls UncheckedReadUint. +template +pkix::Result ReadUint(pkix::Reader& in, T& out) { + uint64_t value; + static_assert(std::is_unsigned::value, "T must be unsigned"); + static_assert(length <= 8, "At most 8 byte integers can be read"); + static_assert(sizeof(T) >= length, "T must be able to hold bytes"); + pkix::Result rv = UncheckedReadUint(length, in, value); + if (rv != pkix::Success) { + return rv; + } + out = static_cast(value); + return pkix::Success; +} + +// Reads |length| bytes from |in|. +static inline pkix::Result ReadFixedBytes(size_t length, pkix::Reader& in, + pkix::Input& out) { + return in.Skip(length, out); +} + +// Reads a length-prefixed variable amount of bytes from |in|, updating |out| +// on success. |prefixLength| indicates the number of bytes needed to represent +// the length. +template +pkix::Result ReadVariableBytes(pkix::Reader& in, pkix::Input& out) { + size_t length; + pkix::Result rv = ReadUint(in, length); + if (rv != pkix::Success) { + return rv; + } + return ReadFixedBytes(length, in, out); +} + +} // namespace ct +} // namespace mozilla + +#endif // CTUtils_h -- cgit v1.2.3