/src/nss/lib/certdb/secname.c

Source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "cert.h"
#include "secoid.h"
#include "secder.h" /* XXX remove this when remove the DERTemplates */
#include "secasn1.h"
#include "secitem.h"
#include <stdarg.h>
#include "secerr.h"
#include "certi.h"

static const SEC_ASN1Template cert_AVATemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) },
    { SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) },
    { SEC_ASN1_ANY, offsetof(CERTAVA, value) },
    { 0 }
};

const SEC_ASN1Template CERT_RDNTemplate[] = {
    { SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate,
      sizeof(CERTRDN) }
};

static int
CountArray(void **array)
{
    int count = 0;
    if (array) {
        while (*array++) {
            count++;
        }
    }
    return count;
}

static void **
AddToArray(PLArenaPool *arena, void **array, void *element)
{
    unsigned count;
    void **ap;

    /* Count up number of slots already in use in the array */
    count = 0;
    ap = array;
    if (ap) {
        while (*ap++) {
            count++;
        }
    }

    if (array) {
        array =
            (void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
                                    (count + 2) * sizeof(void *));
    } else {
        array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
    }
    if (array) {
        array[count] = element;
        array[count + 1] = 0;
    }
    return array;
}

SECOidTag
CERT_GetAVATag(CERTAVA *ava)
{
    SECOidData *oid;
    if (!ava->type.data)
        return (SECOidTag)-1;

    oid = SECOID_FindOID(&ava->type);

    if (oid) {
        return (oid->offset);
    }
    return (SECOidTag)-1;
}

static SECStatus
SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
{
    unsigned char *oid;
    unsigned oidLen;
    unsigned char *cp;
    int maxLen;
    SECOidData *oidrec;

    oidrec = SECOID_FindOIDByTag(type);
    if (oidrec == NULL)
        return SECFailure;

    oid = oidrec->oid.data;
    oidLen = oidrec->oid.len;

    maxLen = cert_AVAOidTagToMaxLen(type);
    if (maxLen < 0) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen);
    if (cp == NULL) {
        return SECFailure;
    }
    it->len = oidLen;
    PORT_Memcpy(cp, oid, oidLen);
    *maxLenp = (unsigned)maxLen;
    return SECSuccess;
}

static SECStatus
SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
              SECItem *out, unsigned maxLen)
{
    PRUint8 *value, *cp, *ucs4Val;
    unsigned valueLen, valueLenLen, total;
    unsigned ucs4Len = 0, ucs4MaxLen;

    value = in->data;
    valueLen = in->len;
    switch (valueType) {
        case SEC_ASN1_PRINTABLE_STRING:
        case SEC_ASN1_IA5_STRING:
        case SEC_ASN1_T61_STRING:
        case SEC_ASN1_UTF8_STRING: /* no conversion required */
            break;
        case SEC_ASN1_UNIVERSAL_STRING:
            ucs4MaxLen = valueLen * 6;
            ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
            if (!ucs4Val ||
                !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val,
                                          ucs4MaxLen, &ucs4Len)) {
                PORT_SetError(SEC_ERROR_INVALID_ARGS);
                return SECFailure;
            }
            value = ucs4Val;
            valueLen = ucs4Len;
            maxLen *= 4;
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
    }

    if (valueLen > maxLen) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    valueLenLen = DER_LengthLength(valueLen);
    total = 1 + valueLenLen + valueLen;
    cp = (PRUint8 *)PORT_ArenaAlloc(arena, total);
    if (!cp) {
        return SECFailure;
    }
    out->data = cp;
    out->len = total;
    cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
    PORT_Memcpy(cp, value, valueLen);
    return SECSuccess;
}

CERTAVA *
CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem *OID,
                      const SECItem *value)
{
    CERTAVA *ava;
    int rv;

    ava = PORT_ArenaZNew(pool, CERTAVA);
    if (ava) {
        rv = SECITEM_CopyItem(pool, &ava->type, OID);
        if (rv)
            return NULL;

        rv = SECITEM_CopyItem(pool, &ava->value, value);
        if (rv)
            return NULL;
    }
    return ava;
}

CERTAVA *
CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
                          SECItem *value)
{
    CERTAVA *ava;
    int rv;
    unsigned maxLen;

    ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
    if (ava) {
        rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
        if (rv) {
            /* Illegal AVA type */
            return NULL;
        }
        rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
        if (rv) {
            /* Illegal value type */
            return NULL;
        }
    }
    return ava;
}

CERTAVA *
CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value)
{
    SECItem item = { siBuffer, NULL, 0 };

    item.data = (PRUint8 *)value;
    item.len = PORT_Strlen(value);

    return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
}

CERTAVA *
CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
{
    CERTAVA *ava;
    int rv;

    ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
    if (ava) {
        rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
        if (rv)
            goto loser;
        rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
        if (rv)
            goto loser;
    }
    return ava;

loser:
    return 0;
}

CERTRDN *
CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
{
    CERTAVA *ava;
    CERTRDN *rdn;
    va_list ap;
    unsigned count;
    CERTAVA **avap;

    rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN));
    if (rdn) {
        /* Count number of avas going into the rdn */
        count = 0;
        if (ava0) {
            count++;
            va_start(ap, ava0);
            while (va_arg(ap, CERTAVA *) != 0) {
                count++;
            }
            va_end(ap);
        }

        /* Now fill in the pointers */
        rdn->avas = avap =
            (CERTAVA **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTAVA *));
        if (!avap) {
            return 0;
        }
        if (ava0) {
            *avap++ = ava0;
            va_start(ap, ava0);
            while ((ava = va_arg(ap, CERTAVA *)) != 0) {
                *avap++ = ava;
            }
            va_end(ap);
        }
        *avap++ = 0;
    }
    return rdn;
}

SECStatus
CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
{
    rdn->avas = (CERTAVA **)AddToArray(arena, (void **)rdn->avas, ava);
    return rdn->avas ? SECSuccess : SECFailure;
}

SECStatus
CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
{
    CERTAVA **avas, *fava, *tava;
    SECStatus rv = SECSuccess;

    /* Copy each ava from from */
    avas = from->avas;
    if (avas) {
        if (avas[0] == NULL) {
            rv = CERT_AddAVA(arena, to, NULL);
            return rv;
        }
        while ((fava = *avas++) != 0) {
            tava = CERT_CopyAVA(arena, fava);
            if (!tava) {
                rv = SECFailure;
                break;
            }
            rv = CERT_AddAVA(arena, to, tava);
            if (rv != SECSuccess)
                break;
        }
    }
    return rv;
}

/************************************************************************/

const SEC_ASN1Template CERT_NameTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate,
      sizeof(CERTName) }
};

SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)

CERTName *
CERT_CreateName(CERTRDN *rdn0, ...)
{
    CERTRDN *rdn;
    CERTName *name;
    va_list ap;
    unsigned count;
    CERTRDN **rdnp;
    PLArenaPool *arena;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        return (0);
    }

    name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName));
    if (name) {
        name->arena = arena;

        /* Count number of RDNs going into the Name */
        if (!rdn0) {
            count = 0;
        } else {
            count = 1;
            va_start(ap, rdn0);
            while (va_arg(ap, CERTRDN *) != 0) {
                count++;
            }
            va_end(ap);
        }

        /* Allocate space (including space for terminal null ptr) */
        name->rdns = rdnp =
            (CERTRDN **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN *));
        if (!name->rdns) {
            goto loser;
        }

        /* Now fill in the pointers */
        if (count > 0) {
            *rdnp++ = rdn0;
            va_start(ap, rdn0);
            while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
                *rdnp++ = rdn;
            }
            va_end(ap);
        }

        /* null terminate the list */
        *rdnp++ = 0;
    }
    return name;

loser:
    PORT_FreeArena(arena, PR_FALSE);
    return (0);
}

void
CERT_DestroyName(CERTName *name)
{
    if (name) {
        PLArenaPool *arena = name->arena;
        name->rdns = NULL;
        name->arena = NULL;
        if (arena)
            PORT_FreeArena(arena, PR_FALSE);
    }
}

SECStatus
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
{
    name->rdns = (CERTRDN **)AddToArray(name->arena, (void **)name->rdns, rdn);
    return name->rdns ? SECSuccess : SECFailure;
}

SECStatus
CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
{
    CERTRDN **rdns, *frdn, *trdn;
    SECStatus rv = SECSuccess;

    if (!to || !from) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    CERT_DestroyName(to);
    to->arena = arena;

    /* Copy each rdn from from */
    rdns = from->rdns;
    if (rdns) {
        if (rdns[0] == NULL) {
            rv = CERT_AddRDN(to, NULL);
            return rv;
        }
        while ((frdn = *rdns++) != NULL) {
            trdn = CERT_CreateRDN(arena, NULL);
            if (!trdn) {
                rv = SECFailure;
                break;
            }
            rv = CERT_CopyRDN(arena, trdn, frdn);
            if (rv != SECSuccess)
                break;
            rv = CERT_AddRDN(to, trdn);
            if (rv != SECSuccess)
                break;
        }
    }
    return rv;
}

/************************************************************************/

static void
canonicalize(SECItem *foo)
{
    int ch, lastch, len, src, dest;

    /* strip trailing whitespace. */
    len = foo->len;
    while (len > 0 && ((ch = foo->data[len - 1]) == ' ' || ch == '\t' ||
                       ch == '\r' || ch == '\n')) {
        len--;
    }

    src = 0;
    /* strip leading whitespace. */
    while (src < len && ((ch = foo->data[src]) == ' ' || ch == '\t' ||
                         ch == '\r' || ch == '\n')) {
        src++;
    }
    dest = 0;
    lastch = ' ';
    while (src < len) {
        ch = foo->data[src++];
        if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
            ch = ' ';
            if (ch == lastch)
                continue;
        } else if (ch >= 'A' && ch <= 'Z') {
            ch |= 0x20; /* downshift */
        }
        foo->data[dest++] = lastch = ch;
    }
    foo->len = dest;
}

/* SECItems a and b contain DER-encoded printable strings. */
SECComparison
CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
{
    SECComparison rv = SECLessThan;
    SECItem *aVal = CERT_DecodeAVAValue(a);
    SECItem *bVal = CERT_DecodeAVAValue(b);

    if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) {
        canonicalize(aVal);
        canonicalize(bVal);
        rv = SECITEM_CompareItem(aVal, bVal);
    }
    SECITEM_FreeItem(aVal, PR_TRUE);
    SECITEM_FreeItem(bVal, PR_TRUE);
    return rv;
}

SECComparison
CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
{
    SECComparison rv;

    rv = SECITEM_CompareItem(&a->type, &b->type);
    if (SECEqual != rv)
        return rv; /* Attribute types don't match. */
    /* Let's be optimistic.  Maybe the values will just compare equal. */
    rv = SECITEM_CompareItem(&a->value, &b->value);
    if (SECEqual == rv)
        return rv; /* values compared exactly. */
    if (a->value.len && a->value.data && b->value.len && b->value.data) {
        /* Here, the values did not match.
        ** If the values had different encodings, convert them to the same
        ** encoding and compare that way.
        */
        if (a->value.data[0] != b->value.data[0]) {
            /* encodings differ.  Convert both to UTF-8 and compare. */
            SECItem *aVal = CERT_DecodeAVAValue(&a->value);
            SECItem *bVal = CERT_DecodeAVAValue(&b->value);
            if (aVal && aVal->len && aVal->data && bVal && bVal->len &&
                bVal->data) {
                rv = SECITEM_CompareItem(aVal, bVal);
            }
            SECITEM_FreeItem(aVal, PR_TRUE);
            SECITEM_FreeItem(bVal, PR_TRUE);
        } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
            /* printable strings */
            rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
        }
    }
    return rv;
}

SECComparison
CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b)
{
    CERTAVA **aavas, *aava;
    CERTAVA **bavas, *bava;
    int ac, bc;
    SECComparison rv = SECEqual;

    aavas = a->avas;
    bavas = b->avas;

    /*
    ** Make sure array of ava's are the same length. If not, then we are
    ** not equal
    */
    ac = CountArray((void **)aavas);
    bc = CountArray((void **)bavas);
    if (ac < bc)
        return SECLessThan;
    if (ac > bc)
        return SECGreaterThan;

    while (NULL != (aava = *aavas++)) {
        for (bavas = b->avas; NULL != (bava = *bavas++);) {
            rv = SECITEM_CompareItem(&aava->type, &bava->type);
            if (SECEqual == rv) {
                rv = CERT_CompareAVA(aava, bava);
                if (SECEqual != rv)
                    return rv;
                break;
            }
        }
        if (!bava) /* didn't find a match */
            return SECGreaterThan;
    }
    return rv;
}

SECComparison
CERT_CompareName(const CERTName *a, const CERTName *b)
{
    CERTRDN **ardns;
    CERTRDN **brdns;
    int ac, bc;
    SECComparison rv = SECEqual;

    ardns = a->rdns;
    brdns = b->rdns;

    /*
    ** Make sure array of rdn's are the same length. If not, then we are
    ** not equal
    */
    ac = CountArray((void **)ardns);
    bc = CountArray((void **)brdns);
    if (ac < bc)
        return SECLessThan;
    if (ac > bc)
        return SECGreaterThan;

    while (rv == SECEqual && *ardns) {
        rv = CERT_CompareRDN(*ardns++, *brdns++);
    }
    return rv;
}

/* Moved from certhtml.c */
SECItem *
CERT_DecodeAVAValue(const SECItem *derAVAValue)
{
    SECItem *retItem;
    const SEC_ASN1Template *theTemplate = NULL;
    enum { conv_none,
           conv_ucs4,
           conv_ucs2,
           conv_iso88591 } convert = conv_none;
    SECItem avaValue = { siBuffer, 0 };
    PORTCheapArenaPool tmpArena;

    if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    switch (derAVAValue->data[0]) {
        case SEC_ASN1_UNIVERSAL_STRING:
            convert = conv_ucs4;
            theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
            break;
        case SEC_ASN1_IA5_STRING:
            theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
            break;
        case SEC_ASN1_PRINTABLE_STRING:
            theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
            break;
        case SEC_ASN1_T61_STRING:
            /*
             * Per common practice, we're not decoding actual T.61, but instead
             * treating T61-labeled strings as containing ISO-8859-1.
             */
            convert = conv_iso88591;
            theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
            break;
        case SEC_ASN1_BMP_STRING:
            convert = conv_ucs2;
            theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
            break;
        case SEC_ASN1_UTF8_STRING:
            /* No conversion needed ! */
            theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_AVA);
            return NULL;
    }

    PORT_Memset(&avaValue, 0, sizeof(SECItem));
    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
    if (SEC_QuickDERDecodeItem(&tmpArena.arena, &avaValue, theTemplate,
                               derAVAValue) != SECSuccess) {
        PORT_DestroyCheapArena(&tmpArena);
        return NULL;
    }

    if (convert != conv_none) {
        unsigned int utf8ValLen = avaValue.len * 3;
        unsigned char *utf8Val =
            (unsigned char *)PORT_ArenaZAlloc(&tmpArena.arena, utf8ValLen);

        switch (convert) {
            case conv_ucs4:
                if (avaValue.len % 4 != 0 ||
                    !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data,
                                              avaValue.len, utf8Val, utf8ValLen,
                                              &utf8ValLen)) {
                    PORT_DestroyCheapArena(&tmpArena);
                    PORT_SetError(SEC_ERROR_INVALID_AVA);
                    return NULL;
                }
                break;
            case conv_ucs2:
                if (avaValue.len % 2 != 0 ||
                    !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data,
                                              avaValue.len, utf8Val, utf8ValLen,
                                              &utf8ValLen)) {
                    PORT_DestroyCheapArena(&tmpArena);
                    PORT_SetError(SEC_ERROR_INVALID_AVA);
                    return NULL;
                }
                break;
            case conv_iso88591:
                if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
                                                  utf8Val, utf8ValLen,
                                                  &utf8ValLen)) {
                    PORT_DestroyCheapArena(&tmpArena);
                    PORT_SetError(SEC_ERROR_INVALID_AVA);
                    return NULL;
                }
                break;
            case conv_none:
                PORT_Assert(0); /* not reached */
                break;
        }

        avaValue.data = utf8Val;
        avaValue.len = utf8ValLen;
    }

    retItem = SECITEM_DupItem(&avaValue);
    PORT_DestroyCheapArena(&tmpArena);
    return retItem;
}

Coverage Report

Created: 2026-06-07 07:11

Line	Count	Source
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#include "cert.h"
6		#include "secoid.h"
7		#include "secder.h" /* XXX remove this when remove the DERTemplates */
8		#include "secasn1.h"
9		#include "secitem.h"
10		#include <stdarg.h>
11		#include "secerr.h"
12		#include "certi.h"
13
14		static const SEC_ASN1Template cert_AVATemplate[] = {
15		{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) },
16		{ SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) },
17		{ SEC_ASN1_ANY, offsetof(CERTAVA, value) },
18		{ 0 }
19		};
20
21		const SEC_ASN1Template CERT_RDNTemplate[] = {
22		{ SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate,
23		sizeof(CERTRDN) }
24		};
25
26		static int
27		CountArray(void **array)
28	55.5k	{
29	55.5k	int count = 0;
30	55.5k	if (array) {
31	191k	while (*array++) {
32	136k	count++;
33	136k	}
34	55.5k	}
35	55.5k	return count;
36	55.5k	}
37
38		static void **
39		AddToArray(PLArenaPool arena, void array, void element)
40	123k	{
41	123k	unsigned count;
42	123k	void **ap;
43
44		/* Count up number of slots already in use in the array */
45	123k	count = 0;
46	123k	ap = array;
47	123k	if (ap) {
48	16.5M	while (*ap++) {
49	16.4M	count++;
50	16.4M	}
51	118k	}
52
53	123k	if (array) {
54	118k	array =
55	118k	(void *)PORT_ArenaGrow(arena, array, (count + 1) sizeof(void *),
56	118k	(count + 2) * sizeof(void *));
57	118k	} else {
58	5.50k	array = (void *)PORT_ArenaAlloc(arena, (count + 2) sizeof(void *));
59	5.50k	}
60	123k	if (array) {
61	123k	array[count] = element;
62	123k	array[count + 1] = 0;
63	123k	}
64	123k	return array;
65	123k	}
66
67		SECOidTag
68		CERT_GetAVATag(CERTAVA *ava)
69	1.02M	{
70	1.02M	SECOidData *oid;
71	1.02M	if (!ava->type.data)
72	0	return (SECOidTag)-1;
73
74	1.02M	oid = SECOID_FindOID(&ava->type);
75
76	1.02M	if (oid) {
77	634k	return (oid->offset);
78	634k	}
79	387k	return (SECOidTag)-1;
80	1.02M	}
81
82		static SECStatus
83		SetupAVAType(PLArenaPool arena, SECOidTag type, SECItem it, unsigned *maxLenp)
84	39.5k	{
85	39.5k	unsigned char *oid;
86	39.5k	unsigned oidLen;
87	39.5k	unsigned char *cp;
88	39.5k	int maxLen;
89	39.5k	SECOidData *oidrec;
90
91	39.5k	oidrec = SECOID_FindOIDByTag(type);
92	39.5k	if (oidrec == NULL)
93	0	return SECFailure;
94
95	39.5k	oid = oidrec->oid.data;
96	39.5k	oidLen = oidrec->oid.len;
97
98	39.5k	maxLen = cert_AVAOidTagToMaxLen(type);
99	39.5k	if (maxLen < 0) {
100	0	PORT_SetError(SEC_ERROR_INVALID_ARGS);
101	0	return SECFailure;
102	0	}
103
104	39.5k	it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen);
105	39.5k	if (cp == NULL) {
106	0	return SECFailure;
107	0	}
108	39.5k	it->len = oidLen;
109	39.5k	PORT_Memcpy(cp, oid, oidLen);
110	39.5k	*maxLenp = (unsigned)maxLen;
111	39.5k	return SECSuccess;
112	39.5k	}
113
114		static SECStatus
115		SetupAVAValue(PLArenaPool arena, int valueType, const SECItem in,
116		SECItem *out, unsigned maxLen)
117	39.5k	{
118	39.5k	PRUint8 value, cp, *ucs4Val;
119	39.5k	unsigned valueLen, valueLenLen, total;
120	39.5k	unsigned ucs4Len = 0, ucs4MaxLen;
121
122	39.5k	value = in->data;
123	39.5k	valueLen = in->len;
124	39.5k	switch (valueType) {
125	8.51k	case SEC_ASN1_PRINTABLE_STRING:
126	36.2k	case SEC_ASN1_IA5_STRING:
127	36.2k	case SEC_ASN1_T61_STRING:
128	39.5k	case SEC_ASN1_UTF8_STRING: /* no conversion required */
129	39.5k	break;
130	0	case SEC_ASN1_UNIVERSAL_STRING:
131	0	ucs4MaxLen = valueLen * 6;
132	0	ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
133	0	if (!ucs4Val \|\|
134	0	!PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val,
135	0	ucs4MaxLen, &ucs4Len)) {
136	0	PORT_SetError(SEC_ERROR_INVALID_ARGS);
137	0	return SECFailure;
138	0	}
139	0	value = ucs4Val;
140	0	valueLen = ucs4Len;
141	0	maxLen *= 4;
142	0	break;
143	0	default:
144	0	PORT_SetError(SEC_ERROR_INVALID_ARGS);
145	0	return SECFailure;
146	39.5k	}
147
148	39.5k	if (valueLen > maxLen) {
149	12	PORT_SetError(SEC_ERROR_INVALID_ARGS);
150	12	return SECFailure;
151	12	}
152
153	39.5k	valueLenLen = DER_LengthLength(valueLen);
154	39.5k	total = 1 + valueLenLen + valueLen;
155	39.5k	cp = (PRUint8 *)PORT_ArenaAlloc(arena, total);
156	39.5k	if (!cp) {
157	0	return SECFailure;
158	0	}
159	39.5k	out->data = cp;
160	39.5k	out->len = total;
161	39.5k	cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
162	39.5k	PORT_Memcpy(cp, value, valueLen);
163	39.5k	return SECSuccess;
164	39.5k	}
165
166		CERTAVA *
167		CERT_CreateAVAFromRaw(PLArenaPool pool, const SECItem OID,
168		const SECItem *value)
169	8.21k	{
170	8.21k	CERTAVA *ava;
171	8.21k	int rv;
172
173	8.21k	ava = PORT_ArenaZNew(pool, CERTAVA);
174	8.21k	if (ava) {
175	8.21k	rv = SECITEM_CopyItem(pool, &ava->type, OID);
176	8.21k	if (rv)
177	0	return NULL;
178
179	8.21k	rv = SECITEM_CopyItem(pool, &ava->value, value);
180	8.21k	if (rv)
181	0	return NULL;
182	8.21k	}
183	8.21k	return ava;
184	8.21k	}
185
186		CERTAVA *
187		CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
188		SECItem *value)
189	39.5k	{
190	39.5k	CERTAVA *ava;
191	39.5k	int rv;
192	39.5k	unsigned maxLen;
193
194	39.5k	ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
195	39.5k	if (ava) {
196	39.5k	rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
197	39.5k	if (rv) {
198		/* Illegal AVA type */
199	0	return NULL;
200	0	}
201	39.5k	rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
202	39.5k	if (rv) {
203		/* Illegal value type */
204	12	return NULL;
205	12	}
206	39.5k	}
207	39.5k	return ava;
208	39.5k	}
209
210		CERTAVA *
211		CERT_CreateAVA(PLArenaPool arena, SECOidTag kind, int valueType, char value)
212	0	{
213	0	SECItem item = { siBuffer, NULL, 0 };
214
215	0	item.data = (PRUint8 *)value;
216	0	item.len = PORT_Strlen(value);
217
218	0	return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
219	0	}
220
221		CERTAVA *
222		CERT_CopyAVA(PLArenaPool arena, CERTAVA from)
223	22.5k	{
224	22.5k	CERTAVA *ava;
225	22.5k	int rv;
226
227	22.5k	ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
228	22.5k	if (ava) {
229	22.5k	rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
230	22.5k	if (rv)
231	0	goto loser;
232	22.5k	rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
233	22.5k	if (rv)
234	0	goto loser;
235	22.5k	}
236	22.5k	return ava;
237
238	0	loser:
239	0	return 0;
240	22.5k	}
241
242		CERTRDN *
243		CERT_CreateRDN(PLArenaPool arena, CERTAVA ava0, ...)
244	66.2k	{
245	66.2k	CERTAVA *ava;
246	66.2k	CERTRDN *rdn;
247	66.2k	va_list ap;
248	66.2k	unsigned count;
249	66.2k	CERTAVA **avap;
250
251	66.2k	rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN));
252	66.2k	if (rdn) {
253		/* Count number of avas going into the rdn */
254	66.2k	count = 0;
255	66.2k	if (ava0) {
256	29.9k	count++;
257	29.9k	va_start(ap, ava0);
258	29.9k	while (va_arg(ap, CERTAVA *) != 0) {
259	0	count++;
260	0	}
261	29.9k	va_end(ap);
262	29.9k	}
263
264		/* Now fill in the pointers */
265	66.2k	rdn->avas = avap =
266	66.2k	(CERTAVA *)PORT_ArenaAlloc(arena, (count + 1) sizeof(CERTAVA *));
267	66.2k	if (!avap) {
268	0	return 0;
269	0	}
270	66.2k	if (ava0) {
271	29.9k	*avap++ = ava0;
272	29.9k	va_start(ap, ava0);
273	29.9k	while ((ava = va_arg(ap, CERTAVA *)) != 0) {
274	0	*avap++ = ava;
275	0	}
276	29.9k	va_end(ap);
277	29.9k	}
278	66.2k	*avap++ = 0;
279	66.2k	}
280	66.2k	return rdn;
281	66.2k	}
282
283		SECStatus
284		CERT_AddAVA(PLArenaPool arena, CERTRDN rdn, CERTAVA *ava)
285	57.3k	{
286	57.3k	rdn->avas = (CERTAVA )AddToArray(arena, (void )rdn->avas, ava);
287	57.3k	return rdn->avas ? SECSuccess : SECFailure;
288	57.3k	}
289
290		SECStatus
291		CERT_CopyRDN(PLArenaPool arena, CERTRDN to, CERTRDN *from)
292	36.2k	{
293	36.2k	CERTAVA *avas, fava, *tava;
294	36.2k	SECStatus rv = SECSuccess;
295
296		/* Copy each ava from from */
297	36.2k	avas = from->avas;
298	36.2k	if (avas) {
299	36.2k	if (avas[0] == NULL) {
300	16.9k	rv = CERT_AddAVA(arena, to, NULL);
301	16.9k	return rv;
302	16.9k	}
303	41.8k	while ((fava = *avas++) != 0) {
304	22.5k	tava = CERT_CopyAVA(arena, fava);
305	22.5k	if (!tava) {
306	0	rv = SECFailure;
307	0	break;
308	0	}
309	22.5k	rv = CERT_AddAVA(arena, to, tava);
310	22.5k	if (rv != SECSuccess)
311	0	break;
312	22.5k	}
313	19.3k	}
314	19.3k	return rv;
315	36.2k	}
316
317		/************************************************************************/
318
319		const SEC_ASN1Template CERT_NameTemplate[] = {
320		{ SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate,
321		sizeof(CERTName) }
322		};
323
324		SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
325
326		CERTName *
327		CERT_CreateName(CERTRDN *rdn0, ...)
328	3.33k	{
329	3.33k	CERTRDN *rdn;
330	3.33k	CERTName *name;
331	3.33k	va_list ap;
332	3.33k	unsigned count;
333	3.33k	CERTRDN **rdnp;
334	3.33k	PLArenaPool *arena;
335
336	3.33k	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
337	3.33k	if (!arena) {
338	0	return (0);
339	0	}
340
341	3.33k	name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName));
342	3.33k	if (name) {
343	3.33k	name->arena = arena;
344
345		/* Count number of RDNs going into the Name */
346	3.33k	if (!rdn0) {
347	3.33k	count = 0;
348	3.33k	} else {
349	0	count = 1;
350	0	va_start(ap, rdn0);
351	0	while (va_arg(ap, CERTRDN *) != 0) {
352	0	count++;
353	0	}
354	0	va_end(ap);
355	0	}
356
357		/* Allocate space (including space for terminal null ptr) */
358	3.33k	name->rdns = rdnp =
359	3.33k	(CERTRDN *)PORT_ArenaAlloc(arena, (count + 1) sizeof(CERTRDN *));
360	3.33k	if (!name->rdns) {
361	0	goto loser;
362	0	}
363
364		/* Now fill in the pointers */
365	3.33k	if (count > 0) {
366	0	*rdnp++ = rdn0;
367	0	va_start(ap, rdn0);
368	0	while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
369	0	*rdnp++ = rdn;
370	0	}
371	0	va_end(ap);
372	0	}
373
374		/* null terminate the list */
375	3.33k	*rdnp++ = 0;
376	3.33k	}
377	3.33k	return name;
378
379	0	loser:
380	0	PORT_FreeArena(arena, PR_FALSE);
381	0	return (0);
382	3.33k	}
383
384		void
385		CERT_DestroyName(CERTName *name)
386	9.61k	{
387	9.61k	if (name) {
388	8.83k	PLArenaPool *arena = name->arena;
389	8.83k	name->rdns = NULL;
390	8.83k	name->arena = NULL;
391	8.83k	if (arena)
392	3.33k	PORT_FreeArena(arena, PR_FALSE);
393	8.83k	}
394	9.61k	}
395
396		SECStatus
397		CERT_AddRDN(CERTName name, CERTRDN rdn)
398	66.3k	{
399	66.3k	name->rdns = (CERTRDN )AddToArray(name->arena, (void )name->rdns, rdn);
400	66.3k	return name->rdns ? SECSuccess : SECFailure;
401	66.3k	}
402
403		SECStatus
404		CERT_CopyName(PLArenaPool arena, CERTName to, const CERTName *from)
405	5.50k	{
406	5.50k	CERTRDN *rdns, frdn, *trdn;
407	5.50k	SECStatus rv = SECSuccess;
408
409	5.50k	if (!to \|\| !from) {
410	0	PORT_SetError(SEC_ERROR_INVALID_ARGS);
411	0	return SECFailure;
412	0	}
413
414	5.50k	CERT_DestroyName(to);
415	5.50k	to->arena = arena;
416
417		/* Copy each rdn from from */
418	5.50k	rdns = from->rdns;
419	5.50k	if (rdns) {
420	5.50k	if (rdns[0] == NULL) {
421	117	rv = CERT_AddRDN(to, NULL);
422	117	return rv;
423	117	}
424	41.6k	while ((frdn = *rdns++) != NULL) {
425	36.2k	trdn = CERT_CreateRDN(arena, NULL);
426	36.2k	if (!trdn) {
427	0	rv = SECFailure;
428	0	break;
429	0	}
430	36.2k	rv = CERT_CopyRDN(arena, trdn, frdn);
431	36.2k	if (rv != SECSuccess)
432	0	break;
433	36.2k	rv = CERT_AddRDN(to, trdn);
434	36.2k	if (rv != SECSuccess)
435	0	break;
436	36.2k	}
437	5.38k	}
438	5.38k	return rv;
439	5.50k	}
440
441		/************************************************************************/
442
443		static void
444		canonicalize(SECItem *foo)
445	3.02k	{
446	3.02k	int ch, lastch, len, src, dest;
447
448		/* strip trailing whitespace. */
449	3.02k	len = foo->len;
450	4.72k	while (len > 0 && ((ch = foo->data[len - 1]) == ' ' \|\| ch == '\t' \|\|
451	2.74k	ch == '\r' \|\| ch == '\n')) {
452	1.69k	len--;
453	1.69k	}
454
455	3.02k	src = 0;
456		/* strip leading whitespace. */
457	3.97k	while (src < len && ((ch = foo->data[src]) == ' ' \|\| ch == '\t' \|\|
458	2.71k	ch == '\r' \|\| ch == '\n')) {
459	946	src++;
460	946	}
461	3.02k	dest = 0;
462	3.02k	lastch = ' ';
463	13.0k	while (src < len) {
464	9.98k	ch = foo->data[src++];
465	9.98k	if (ch == ' ' \|\| ch == '\t' \|\| ch == '\r' \|\| ch == '\n') {
466	2.22k	ch = ' ';
467	2.22k	if (ch == lastch)
468	1.53k	continue;
469	7.75k	} else if (ch >= 'A' && ch <= 'Z') {
470	2.41k	ch \|= 0x20; /* downshift */
471	2.41k	}
472	8.44k	foo->data[dest++] = lastch = ch;
473	8.44k	}
474	3.02k	foo->len = dest;
475	3.02k	}
476
477		/* SECItems a and b contain DER-encoded printable strings. */
478		SECComparison
479		CERT_CompareDERPrintableStrings(const SECItem a, const SECItem b)
480	1.52k	{
481	1.52k	SECComparison rv = SECLessThan;
482	1.52k	SECItem *aVal = CERT_DecodeAVAValue(a);
483	1.52k	SECItem *bVal = CERT_DecodeAVAValue(b);
484
485	1.52k	if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) {
486	1.51k	canonicalize(aVal);
487	1.51k	canonicalize(bVal);
488	1.51k	rv = SECITEM_CompareItem(aVal, bVal);
489	1.51k	}
490	1.52k	SECITEM_FreeItem(aVal, PR_TRUE);
491	1.52k	SECITEM_FreeItem(bVal, PR_TRUE);
492	1.52k	return rv;
493	1.52k	}
494
495		SECComparison
496		CERT_CompareAVA(const CERTAVA a, const CERTAVA b)
497	28.9k	{
498	28.9k	SECComparison rv;
499
500	28.9k	rv = SECITEM_CompareItem(&a->type, &b->type);
501	28.9k	if (SECEqual != rv)
502	0	return rv; /* Attribute types don't match. */
503		/* Let's be optimistic. Maybe the values will just compare equal. */
504	28.9k	rv = SECITEM_CompareItem(&a->value, &b->value);
505	28.9k	if (SECEqual == rv)
506	26.7k	return rv; /* values compared exactly. */
507	2.13k	if (a->value.len && a->value.data && b->value.len && b->value.data) {
508		/* Here, the values did not match.
509		** If the values had different encodings, convert them to the same
510		** encoding and compare that way.
511		*/
512	2.13k	if (a->value.data[0] != b->value.data[0]) {
513		/* encodings differ. Convert both to UTF-8 and compare. */
514	470	SECItem *aVal = CERT_DecodeAVAValue(&a->value);
515	470	SECItem *bVal = CERT_DecodeAVAValue(&b->value);
516	470	if (aVal && aVal->len && aVal->data && bVal && bVal->len &&
517	301	bVal->data) {
518	301	rv = SECITEM_CompareItem(aVal, bVal);
519	301	}
520	470	SECITEM_FreeItem(aVal, PR_TRUE);
521	470	SECITEM_FreeItem(bVal, PR_TRUE);
522	1.66k	} else if (a->value.data[0] == 0x13) { /* both are printable strings. */
523		/* printable strings */
524	1.52k	rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
525	1.52k	}
526	2.13k	}
527	2.13k	return rv;
528	28.9k	}
529
530		SECComparison
531		CERT_CompareRDN(const CERTRDN a, const CERTRDN b)
532	25.2k	{
533	25.2k	CERTAVA *aavas, aava;
534	25.2k	CERTAVA *bavas, bava;
535	25.2k	int ac, bc;
536	25.2k	SECComparison rv = SECEqual;
537
538	25.2k	aavas = a->avas;
539	25.2k	bavas = b->avas;
540
541		/*
542		** Make sure array of ava's are the same length. If not, then we are
543		** not equal
544		*/
545	25.2k	ac = CountArray((void **)aavas);
546	25.2k	bc = CountArray((void **)bavas);
547	25.2k	if (ac < bc)
548	0	return SECLessThan;
549	25.2k	if (ac > bc)
550	0	return SECGreaterThan;
551
552	53.4k	while (NULL != (aava = *aavas++)) {
553	31.4k	for (bavas = b->avas; NULL != (bava = *bavas++);) {
554	31.4k	rv = SECITEM_CompareItem(&aava->type, &bava->type);
555	31.4k	if (SECEqual == rv) {
556	28.9k	rv = CERT_CompareAVA(aava, bava);
557	28.9k	if (SECEqual != rv)
558	686	return rv;
559	28.2k	break;
560	28.9k	}
561	31.4k	}
562	28.2k	if (!bava) /* didn't find a match */
563	0	return SECGreaterThan;
564	28.2k	}
565	24.5k	return rv;
566	25.2k	}
567
568		SECComparison
569		CERT_CompareName(const CERTName a, const CERTName b)
570	2.55k	{
571	2.55k	CERTRDN **ardns;
572	2.55k	CERTRDN **brdns;
573	2.55k	int ac, bc;
574	2.55k	SECComparison rv = SECEqual;
575
576	2.55k	ardns = a->rdns;
577	2.55k	brdns = b->rdns;
578
579		/*
580		** Make sure array of rdn's are the same length. If not, then we are
581		** not equal
582		*/
583	2.55k	ac = CountArray((void **)ardns);
584	2.55k	bc = CountArray((void **)brdns);
585	2.55k	if (ac < bc)
586	0	return SECLessThan;
587	2.55k	if (ac > bc)
588	0	return SECGreaterThan;
589
590	27.7k	while (rv == SECEqual && *ardns) {
591	25.2k	rv = CERT_CompareRDN(ardns++, brdns++);
592	25.2k	}
593	2.55k	return rv;
594	2.55k	}
595
596		/* Moved from certhtml.c */
597		SECItem *
598		CERT_DecodeAVAValue(const SECItem *derAVAValue)
599	322k	{
600	322k	SECItem *retItem;
601	322k	const SEC_ASN1Template *theTemplate = NULL;
602	322k	enum { conv_none,
603	322k	conv_ucs4,
604	322k	conv_ucs2,
605	322k	conv_iso88591 } convert = conv_none;
606	322k	SECItem avaValue = { siBuffer, 0 };
607	322k	PORTCheapArenaPool tmpArena;
608
609	322k	if (!derAVAValue \|\| !derAVAValue->len \|\| !derAVAValue->data) {
610	0	PORT_SetError(SEC_ERROR_INVALID_ARGS);
611	0	return NULL;
612	0	}
613
614	322k	switch (derAVAValue->data[0]) {
615	4.80k	case SEC_ASN1_UNIVERSAL_STRING:
616	4.80k	convert = conv_ucs4;
617	4.80k	theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
618	4.80k	break;
619	47.3k	case SEC_ASN1_IA5_STRING:
620	47.3k	theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
621	47.3k	break;
622	144k	case SEC_ASN1_PRINTABLE_STRING:
623	144k	theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
624	144k	break;
625	7.56k	case SEC_ASN1_T61_STRING:
626		/*
627		* Per common practice, we're not decoding actual T.61, but instead
628		* treating T61-labeled strings as containing ISO-8859-1.
629		*/
630	7.56k	convert = conv_iso88591;
631	7.56k	theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
632	7.56k	break;
633	7.60k	case SEC_ASN1_BMP_STRING:
634	7.60k	convert = conv_ucs2;
635	7.60k	theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
636	7.60k	break;
637	28.4k	case SEC_ASN1_UTF8_STRING:
638		/* No conversion needed ! */
639	28.4k	theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
640	28.4k	break;
641	81.7k	default:
642	81.7k	PORT_SetError(SEC_ERROR_INVALID_AVA);
643	81.7k	return NULL;
644	322k	}
645
646	240k	PORT_Memset(&avaValue, 0, sizeof(SECItem));
647	240k	PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
648	240k	if (SEC_QuickDERDecodeItem(&tmpArena.arena, &avaValue, theTemplate,
649	240k	derAVAValue) != SECSuccess) {
650	4.10k	PORT_DestroyCheapArena(&tmpArena);
651	4.10k	return NULL;
652	4.10k	}
653
654	236k	if (convert != conv_none) {
655	17.0k	unsigned int utf8ValLen = avaValue.len * 3;
656	17.0k	unsigned char *utf8Val =
657	17.0k	(unsigned char *)PORT_ArenaZAlloc(&tmpArena.arena, utf8ValLen);
658
659	17.0k	switch (convert) {
660	3.92k	case conv_ucs4:
661	3.92k	if (avaValue.len % 4 != 0 \|\|
662	2.79k	!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data,
663	2.79k	avaValue.len, utf8Val, utf8ValLen,
664	2.79k	&utf8ValLen)) {
665	2.14k	PORT_DestroyCheapArena(&tmpArena);
666	2.14k	PORT_SetError(SEC_ERROR_INVALID_AVA);
667	2.14k	return NULL;
668	2.14k	}
669	1.78k	break;
670	6.80k	case conv_ucs2:
671	6.80k	if (avaValue.len % 2 != 0 \|\|
672	3.17k	!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data,
673	3.17k	avaValue.len, utf8Val, utf8ValLen,
674	4.58k	&utf8ValLen)) {
675	4.58k	PORT_DestroyCheapArena(&tmpArena);
676	4.58k	PORT_SetError(SEC_ERROR_INVALID_AVA);
677	4.58k	return NULL;
678	4.58k	}
679	2.21k	break;
680	6.36k	case conv_iso88591:
681	6.36k	if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
682	6.36k	utf8Val, utf8ValLen,
683	6.36k	&utf8ValLen)) {
684	0	PORT_DestroyCheapArena(&tmpArena);
685	0	PORT_SetError(SEC_ERROR_INVALID_AVA);
686	0	return NULL;
687	0	}
688	6.36k	break;
689	6.36k	case conv_none:
690	0	PORT_Assert(0); /* not reached */
691	0	break;
692	17.0k	}
693
694	10.3k	avaValue.data = utf8Val;
695	10.3k	avaValue.len = utf8ValLen;
696	10.3k	}
697
698	229k	retItem = SECITEM_DupItem(&avaValue);
699	229k	PORT_DestroyCheapArena(&tmpArena);
700	229k	return retItem;
701	236k	}