Coverage Report

Created: 2025-07-01 06:25

/src/nss/lib/certdb/secname.c
Line
Count
Source (jump to first uncovered line)
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
#include "cert.h"
6
#include "secoid.h"
7
#include "secder.h" /* XXX remove this when remove the DERTemplates */
8
#include "secasn1.h"
9
#include "secitem.h"
10
#include <stdarg.h>
11
#include "secerr.h"
12
#include "certi.h"
13
14
static const SEC_ASN1Template cert_AVATemplate[] = {
15
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) },
16
    { SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) },
17
    { SEC_ASN1_ANY, offsetof(CERTAVA, value) },
18
    { 0 }
19
};
20
21
const SEC_ASN1Template CERT_RDNTemplate[] = {
22
    { SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate,
23
      sizeof(CERTRDN) }
24
};
25
26
static int
27
CountArray(void **array)
28
0
{
29
0
    int count = 0;
30
0
    if (array) {
31
0
        while (*array++) {
32
0
            count++;
33
0
        }
34
0
    }
35
0
    return count;
36
0
}
37
38
static void **
39
AddToArray(PLArenaPool *arena, void **array, void *element)
40
0
{
41
0
    unsigned count;
42
0
    void **ap;
43
44
    /* Count up number of slots already in use in the array */
45
0
    count = 0;
46
0
    ap = array;
47
0
    if (ap) {
48
0
        while (*ap++) {
49
0
            count++;
50
0
        }
51
0
    }
52
53
0
    if (array) {
54
0
        array =
55
0
            (void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
56
0
                                    (count + 2) * sizeof(void *));
57
0
    } else {
58
0
        array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
59
0
    }
60
0
    if (array) {
61
0
        array[count] = element;
62
0
        array[count + 1] = 0;
63
0
    }
64
0
    return array;
65
0
}
66
67
SECOidTag
68
CERT_GetAVATag(CERTAVA *ava)
69
0
{
70
0
    SECOidData *oid;
71
0
    if (!ava->type.data)
72
0
        return (SECOidTag)-1;
73
74
0
    oid = SECOID_FindOID(&ava->type);
75
76
0
    if (oid) {
77
0
        return (oid->offset);
78
0
    }
79
0
    return (SECOidTag)-1;
80
0
}
81
82
static SECStatus
83
SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
84
0
{
85
0
    unsigned char *oid;
86
0
    unsigned oidLen;
87
0
    unsigned char *cp;
88
0
    int maxLen;
89
0
    SECOidData *oidrec;
90
91
0
    oidrec = SECOID_FindOIDByTag(type);
92
0
    if (oidrec == NULL)
93
0
        return SECFailure;
94
95
0
    oid = oidrec->oid.data;
96
0
    oidLen = oidrec->oid.len;
97
98
0
    maxLen = cert_AVAOidTagToMaxLen(type);
99
0
    if (maxLen < 0) {
100
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
101
0
        return SECFailure;
102
0
    }
103
104
0
    it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen);
105
0
    if (cp == NULL) {
106
0
        return SECFailure;
107
0
    }
108
0
    it->len = oidLen;
109
0
    PORT_Memcpy(cp, oid, oidLen);
110
0
    *maxLenp = (unsigned)maxLen;
111
0
    return SECSuccess;
112
0
}
113
114
static SECStatus
115
SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
116
              SECItem *out, unsigned maxLen)
117
0
{
118
0
    PRUint8 *value, *cp, *ucs4Val;
119
0
    unsigned valueLen, valueLenLen, total;
120
0
    unsigned ucs4Len = 0, ucs4MaxLen;
121
122
0
    value = in->data;
123
0
    valueLen = in->len;
124
0
    switch (valueType) {
125
0
        case SEC_ASN1_PRINTABLE_STRING:
126
0
        case SEC_ASN1_IA5_STRING:
127
0
        case SEC_ASN1_T61_STRING:
128
0
        case SEC_ASN1_UTF8_STRING: /* no conversion required */
129
0
            break;
130
0
        case SEC_ASN1_UNIVERSAL_STRING:
131
0
            ucs4MaxLen = valueLen * 6;
132
0
            ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
133
0
            if (!ucs4Val ||
134
0
                !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val,
135
0
                                          ucs4MaxLen, &ucs4Len)) {
136
0
                PORT_SetError(SEC_ERROR_INVALID_ARGS);
137
0
                return SECFailure;
138
0
            }
139
0
            value = ucs4Val;
140
0
            valueLen = ucs4Len;
141
0
            maxLen *= 4;
142
0
            break;
143
0
        default:
144
0
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
145
0
            return SECFailure;
146
0
    }
147
148
0
    if (valueLen > maxLen) {
149
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
150
0
        return SECFailure;
151
0
    }
152
153
0
    valueLenLen = DER_LengthLength(valueLen);
154
0
    total = 1 + valueLenLen + valueLen;
155
0
    cp = (PRUint8 *)PORT_ArenaAlloc(arena, total);
156
0
    if (!cp) {
157
0
        return SECFailure;
158
0
    }
159
0
    out->data = cp;
160
0
    out->len = total;
161
0
    cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
162
0
    PORT_Memcpy(cp, value, valueLen);
163
0
    return SECSuccess;
164
0
}
165
166
CERTAVA *
167
CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem *OID,
168
                      const SECItem *value)
169
0
{
170
0
    CERTAVA *ava;
171
0
    int rv;
172
173
0
    ava = PORT_ArenaZNew(pool, CERTAVA);
174
0
    if (ava) {
175
0
        rv = SECITEM_CopyItem(pool, &ava->type, OID);
176
0
        if (rv)
177
0
            return NULL;
178
179
0
        rv = SECITEM_CopyItem(pool, &ava->value, value);
180
0
        if (rv)
181
0
            return NULL;
182
0
    }
183
0
    return ava;
184
0
}
185
186
CERTAVA *
187
CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
188
                          SECItem *value)
189
0
{
190
0
    CERTAVA *ava;
191
0
    int rv;
192
0
    unsigned maxLen;
193
194
0
    ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
195
0
    if (ava) {
196
0
        rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
197
0
        if (rv) {
198
            /* Illegal AVA type */
199
0
            return NULL;
200
0
        }
201
0
        rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
202
0
        if (rv) {
203
            /* Illegal value type */
204
0
            return NULL;
205
0
        }
206
0
    }
207
0
    return ava;
208
0
}
209
210
CERTAVA *
211
CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value)
212
0
{
213
0
    SECItem item = { siBuffer, NULL, 0 };
214
215
0
    item.data = (PRUint8 *)value;
216
0
    item.len = PORT_Strlen(value);
217
218
0
    return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
219
0
}
220
221
CERTAVA *
222
CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
223
0
{
224
0
    CERTAVA *ava;
225
0
    int rv;
226
227
0
    ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
228
0
    if (ava) {
229
0
        rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
230
0
        if (rv)
231
0
            goto loser;
232
0
        rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
233
0
        if (rv)
234
0
            goto loser;
235
0
    }
236
0
    return ava;
237
238
0
loser:
239
0
    return 0;
240
0
}
241
242
CERTRDN *
243
CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
244
0
{
245
0
    CERTAVA *ava;
246
0
    CERTRDN *rdn;
247
0
    va_list ap;
248
0
    unsigned count;
249
0
    CERTAVA **avap;
250
251
0
    rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN));
252
0
    if (rdn) {
253
        /* Count number of avas going into the rdn */
254
0
        count = 0;
255
0
        if (ava0) {
256
0
            count++;
257
0
            va_start(ap, ava0);
258
0
            while (va_arg(ap, CERTAVA *) != 0) {
259
0
                count++;
260
0
            }
261
0
            va_end(ap);
262
0
        }
263
264
        /* Now fill in the pointers */
265
0
        rdn->avas = avap =
266
0
            (CERTAVA **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTAVA *));
267
0
        if (!avap) {
268
0
            return 0;
269
0
        }
270
0
        if (ava0) {
271
0
            *avap++ = ava0;
272
0
            va_start(ap, ava0);
273
0
            while ((ava = va_arg(ap, CERTAVA *)) != 0) {
274
0
                *avap++ = ava;
275
0
            }
276
0
            va_end(ap);
277
0
        }
278
0
        *avap++ = 0;
279
0
    }
280
0
    return rdn;
281
0
}
282
283
SECStatus
284
CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
285
0
{
286
0
    rdn->avas = (CERTAVA **)AddToArray(arena, (void **)rdn->avas, ava);
287
0
    return rdn->avas ? SECSuccess : SECFailure;
288
0
}
289
290
SECStatus
291
CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
292
0
{
293
0
    CERTAVA **avas, *fava, *tava;
294
0
    SECStatus rv = SECSuccess;
295
296
    /* Copy each ava from from */
297
0
    avas = from->avas;
298
0
    if (avas) {
299
0
        if (avas[0] == NULL) {
300
0
            rv = CERT_AddAVA(arena, to, NULL);
301
0
            return rv;
302
0
        }
303
0
        while ((fava = *avas++) != 0) {
304
0
            tava = CERT_CopyAVA(arena, fava);
305
0
            if (!tava) {
306
0
                rv = SECFailure;
307
0
                break;
308
0
            }
309
0
            rv = CERT_AddAVA(arena, to, tava);
310
0
            if (rv != SECSuccess)
311
0
                break;
312
0
        }
313
0
    }
314
0
    return rv;
315
0
}
316
317
/************************************************************************/
318
319
const SEC_ASN1Template CERT_NameTemplate[] = {
320
    { SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate,
321
      sizeof(CERTName) }
322
};
323
324
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
325
326
CERTName *
327
CERT_CreateName(CERTRDN *rdn0, ...)
328
0
{
329
0
    CERTRDN *rdn;
330
0
    CERTName *name;
331
0
    va_list ap;
332
0
    unsigned count;
333
0
    CERTRDN **rdnp;
334
0
    PLArenaPool *arena;
335
336
0
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
337
0
    if (!arena) {
338
0
        return (0);
339
0
    }
340
341
0
    name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName));
342
0
    if (name) {
343
0
        name->arena = arena;
344
345
        /* Count number of RDNs going into the Name */
346
0
        if (!rdn0) {
347
0
            count = 0;
348
0
        } else {
349
0
            count = 1;
350
0
            va_start(ap, rdn0);
351
0
            while (va_arg(ap, CERTRDN *) != 0) {
352
0
                count++;
353
0
            }
354
0
            va_end(ap);
355
0
        }
356
357
        /* Allocate space (including space for terminal null ptr) */
358
0
        name->rdns = rdnp =
359
0
            (CERTRDN **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN *));
360
0
        if (!name->rdns) {
361
0
            goto loser;
362
0
        }
363
364
        /* Now fill in the pointers */
365
0
        if (count > 0) {
366
0
            *rdnp++ = rdn0;
367
0
            va_start(ap, rdn0);
368
0
            while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
369
0
                *rdnp++ = rdn;
370
0
            }
371
0
            va_end(ap);
372
0
        }
373
374
        /* null terminate the list */
375
0
        *rdnp++ = 0;
376
0
    }
377
0
    return name;
378
379
0
loser:
380
0
    PORT_FreeArena(arena, PR_FALSE);
381
0
    return (0);
382
0
}
383
384
void
385
CERT_DestroyName(CERTName *name)
386
0
{
387
0
    if (name) {
388
0
        PLArenaPool *arena = name->arena;
389
0
        name->rdns = NULL;
390
0
        name->arena = NULL;
391
0
        if (arena)
392
0
            PORT_FreeArena(arena, PR_FALSE);
393
0
    }
394
0
}
395
396
SECStatus
397
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
398
0
{
399
0
    name->rdns = (CERTRDN **)AddToArray(name->arena, (void **)name->rdns, rdn);
400
0
    return name->rdns ? SECSuccess : SECFailure;
401
0
}
402
403
SECStatus
404
CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
405
0
{
406
0
    CERTRDN **rdns, *frdn, *trdn;
407
0
    SECStatus rv = SECSuccess;
408
409
0
    if (!to || !from) {
410
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
411
0
        return SECFailure;
412
0
    }
413
414
0
    CERT_DestroyName(to);
415
0
    to->arena = arena;
416
417
    /* Copy each rdn from from */
418
0
    rdns = from->rdns;
419
0
    if (rdns) {
420
0
        if (rdns[0] == NULL) {
421
0
            rv = CERT_AddRDN(to, NULL);
422
0
            return rv;
423
0
        }
424
0
        while ((frdn = *rdns++) != NULL) {
425
0
            trdn = CERT_CreateRDN(arena, NULL);
426
0
            if (!trdn) {
427
0
                rv = SECFailure;
428
0
                break;
429
0
            }
430
0
            rv = CERT_CopyRDN(arena, trdn, frdn);
431
0
            if (rv != SECSuccess)
432
0
                break;
433
0
            rv = CERT_AddRDN(to, trdn);
434
0
            if (rv != SECSuccess)
435
0
                break;
436
0
        }
437
0
    }
438
0
    return rv;
439
0
}
440
441
/************************************************************************/
442
443
static void
444
canonicalize(SECItem *foo)
445
0
{
446
0
    int ch, lastch, len, src, dest;
447
448
    /* strip trailing whitespace. */
449
0
    len = foo->len;
450
0
    while (len > 0 && ((ch = foo->data[len - 1]) == ' ' || ch == '\t' ||
451
0
                       ch == '\r' || ch == '\n')) {
452
0
        len--;
453
0
    }
454
455
0
    src = 0;
456
    /* strip leading whitespace. */
457
0
    while (src < len && ((ch = foo->data[src]) == ' ' || ch == '\t' ||
458
0
                         ch == '\r' || ch == '\n')) {
459
0
        src++;
460
0
    }
461
0
    dest = 0;
462
0
    lastch = ' ';
463
0
    while (src < len) {
464
0
        ch = foo->data[src++];
465
0
        if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
466
0
            ch = ' ';
467
0
            if (ch == lastch)
468
0
                continue;
469
0
        } else if (ch >= 'A' && ch <= 'Z') {
470
0
            ch |= 0x20; /* downshift */
471
0
        }
472
0
        foo->data[dest++] = lastch = ch;
473
0
    }
474
0
    foo->len = dest;
475
0
}
476
477
/* SECItems a and b contain DER-encoded printable strings. */
478
SECComparison
479
CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
480
0
{
481
0
    SECComparison rv = SECLessThan;
482
0
    SECItem *aVal = CERT_DecodeAVAValue(a);
483
0
    SECItem *bVal = CERT_DecodeAVAValue(b);
484
485
0
    if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) {
486
0
        canonicalize(aVal);
487
0
        canonicalize(bVal);
488
0
        rv = SECITEM_CompareItem(aVal, bVal);
489
0
    }
490
0
    SECITEM_FreeItem(aVal, PR_TRUE);
491
0
    SECITEM_FreeItem(bVal, PR_TRUE);
492
0
    return rv;
493
0
}
494
495
SECComparison
496
CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
497
0
{
498
0
    SECComparison rv;
499
500
0
    rv = SECITEM_CompareItem(&a->type, &b->type);
501
0
    if (SECEqual != rv)
502
0
        return rv; /* Attribute types don't match. */
503
    /* Let's be optimistic.  Maybe the values will just compare equal. */
504
0
    rv = SECITEM_CompareItem(&a->value, &b->value);
505
0
    if (SECEqual == rv)
506
0
        return rv; /* values compared exactly. */
507
0
    if (a->value.len && a->value.data && b->value.len && b->value.data) {
508
        /* Here, the values did not match.
509
        ** If the values had different encodings, convert them to the same
510
        ** encoding and compare that way.
511
        */
512
0
        if (a->value.data[0] != b->value.data[0]) {
513
            /* encodings differ.  Convert both to UTF-8 and compare. */
514
0
            SECItem *aVal = CERT_DecodeAVAValue(&a->value);
515
0
            SECItem *bVal = CERT_DecodeAVAValue(&b->value);
516
0
            if (aVal && aVal->len && aVal->data && bVal && bVal->len &&
517
0
                bVal->data) {
518
0
                rv = SECITEM_CompareItem(aVal, bVal);
519
0
            }
520
0
            SECITEM_FreeItem(aVal, PR_TRUE);
521
0
            SECITEM_FreeItem(bVal, PR_TRUE);
522
0
        } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
523
            /* printable strings */
524
0
            rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
525
0
        }
526
0
    }
527
0
    return rv;
528
0
}
529
530
SECComparison
531
CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b)
532
0
{
533
0
    CERTAVA **aavas, *aava;
534
0
    CERTAVA **bavas, *bava;
535
0
    int ac, bc;
536
0
    SECComparison rv = SECEqual;
537
538
0
    aavas = a->avas;
539
0
    bavas = b->avas;
540
541
    /*
542
    ** Make sure array of ava's are the same length. If not, then we are
543
    ** not equal
544
    */
545
0
    ac = CountArray((void **)aavas);
546
0
    bc = CountArray((void **)bavas);
547
0
    if (ac < bc)
548
0
        return SECLessThan;
549
0
    if (ac > bc)
550
0
        return SECGreaterThan;
551
552
0
    while (NULL != (aava = *aavas++)) {
553
0
        for (bavas = b->avas; NULL != (bava = *bavas++);) {
554
0
            rv = SECITEM_CompareItem(&aava->type, &bava->type);
555
0
            if (SECEqual == rv) {
556
0
                rv = CERT_CompareAVA(aava, bava);
557
0
                if (SECEqual != rv)
558
0
                    return rv;
559
0
                break;
560
0
            }
561
0
        }
562
0
        if (!bava) /* didn't find a match */
563
0
            return SECGreaterThan;
564
0
    }
565
0
    return rv;
566
0
}
567
568
SECComparison
569
CERT_CompareName(const CERTName *a, const CERTName *b)
570
0
{
571
0
    CERTRDN **ardns;
572
0
    CERTRDN **brdns;
573
0
    int ac, bc;
574
0
    SECComparison rv = SECEqual;
575
576
0
    ardns = a->rdns;
577
0
    brdns = b->rdns;
578
579
    /*
580
    ** Make sure array of rdn's are the same length. If not, then we are
581
    ** not equal
582
    */
583
0
    ac = CountArray((void **)ardns);
584
0
    bc = CountArray((void **)brdns);
585
0
    if (ac < bc)
586
0
        return SECLessThan;
587
0
    if (ac > bc)
588
0
        return SECGreaterThan;
589
590
0
    while (rv == SECEqual && *ardns) {
591
0
        rv = CERT_CompareRDN(*ardns++, *brdns++);
592
0
    }
593
0
    return rv;
594
0
}
595
596
/* Moved from certhtml.c */
597
SECItem *
598
CERT_DecodeAVAValue(const SECItem *derAVAValue)
599
0
{
600
0
    SECItem *retItem;
601
0
    const SEC_ASN1Template *theTemplate = NULL;
602
0
    enum { conv_none,
603
0
           conv_ucs4,
604
0
           conv_ucs2,
605
0
           conv_iso88591 } convert = conv_none;
606
0
    SECItem avaValue = { siBuffer, 0 };
607
0
    PORTCheapArenaPool tmpArena;
608
609
0
    if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
610
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
611
0
        return NULL;
612
0
    }
613
614
0
    switch (derAVAValue->data[0]) {
615
0
        case SEC_ASN1_UNIVERSAL_STRING:
616
0
            convert = conv_ucs4;
617
0
            theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
618
0
            break;
619
0
        case SEC_ASN1_IA5_STRING:
620
0
            theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
621
0
            break;
622
0
        case SEC_ASN1_PRINTABLE_STRING:
623
0
            theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
624
0
            break;
625
0
        case SEC_ASN1_T61_STRING:
626
            /*
627
             * Per common practice, we're not decoding actual T.61, but instead
628
             * treating T61-labeled strings as containing ISO-8859-1.
629
             */
630
0
            convert = conv_iso88591;
631
0
            theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
632
0
            break;
633
0
        case SEC_ASN1_BMP_STRING:
634
0
            convert = conv_ucs2;
635
0
            theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
636
0
            break;
637
0
        case SEC_ASN1_UTF8_STRING:
638
            /* No conversion needed ! */
639
0
            theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
640
0
            break;
641
0
        default:
642
0
            PORT_SetError(SEC_ERROR_INVALID_AVA);
643
0
            return NULL;
644
0
    }
645
646
0
    PORT_Memset(&avaValue, 0, sizeof(SECItem));
647
0
    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
648
0
    if (SEC_QuickDERDecodeItem(&tmpArena.arena, &avaValue, theTemplate,
649
0
                               derAVAValue) != SECSuccess) {
650
0
        PORT_DestroyCheapArena(&tmpArena);
651
0
        return NULL;
652
0
    }
653
654
0
    if (convert != conv_none) {
655
0
        unsigned int utf8ValLen = avaValue.len * 3;
656
0
        unsigned char *utf8Val =
657
0
            (unsigned char *)PORT_ArenaZAlloc(&tmpArena.arena, utf8ValLen);
658
659
0
        switch (convert) {
660
0
            case conv_ucs4:
661
0
                if (avaValue.len % 4 != 0 ||
662
0
                    !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data,
663
0
                                              avaValue.len, utf8Val, utf8ValLen,
664
0
                                              &utf8ValLen)) {
665
0
                    PORT_DestroyCheapArena(&tmpArena);
666
0
                    PORT_SetError(SEC_ERROR_INVALID_AVA);
667
0
                    return NULL;
668
0
                }
669
0
                break;
670
0
            case conv_ucs2:
671
0
                if (avaValue.len % 2 != 0 ||
672
0
                    !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data,
673
0
                                              avaValue.len, utf8Val, utf8ValLen,
674
0
                                              &utf8ValLen)) {
675
0
                    PORT_DestroyCheapArena(&tmpArena);
676
0
                    PORT_SetError(SEC_ERROR_INVALID_AVA);
677
0
                    return NULL;
678
0
                }
679
0
                break;
680
0
            case conv_iso88591:
681
0
                if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
682
0
                                                  utf8Val, utf8ValLen,
683
0
                                                  &utf8ValLen)) {
684
0
                    PORT_DestroyCheapArena(&tmpArena);
685
0
                    PORT_SetError(SEC_ERROR_INVALID_AVA);
686
0
                    return NULL;
687
0
                }
688
0
                break;
689
0
            case conv_none:
690
0
                PORT_Assert(0); /* not reached */
691
0
                break;
692
0
        }
693
694
0
        avaValue.data = utf8Val;
695
0
        avaValue.len = utf8ValLen;
696
0
    }
697
698
0
    retItem = SECITEM_DupItem(&avaValue);
699
0
    PORT_DestroyCheapArena(&tmpArena);
700
0
    return retItem;
701
0
}