Bug 1033103: Add and use mozilla::pkix::der::ExpectTagAndGetTLV, r=ke…

…eler

--HG--
extra : rebase_source : 16461be12705998799f5c84e2043d68b0c431cb0

lib/mozpkix/lib/pkixder.h

@@ -338,6 +338,22 @@ ExpectTagAndGetValue(Input& input, uint8_t tag, /*out*/ Input& value)
   return input.Skip(length, value);
 }
 
+// Like ExpectTagAndGetValue, except the output SECItem will contain the
+// encoded tag and length along with the value.
+inline Result
+ExpectTagAndGetTLV(Input& input, uint8_t tag, /*out*/ SECItem& tlv)
+{
+  Input::Mark mark(input.GetMark());
+  uint16_t length;
+  if (internal::ExpectTagAndGetLength(input, tag, length) != Success) {
+    return Failure;
+  }
+  if (input.Skip(length) != Success) {
+    return Failure;
+  }
+  return input.GetSECItem(siBuffer, mark, tlv);
+}
+
 inline Result
 End(Input& input)
 {

lib/mozpkix/lib/pkixocsp.cpp

@@ -460,14 +460,8 @@ BasicResponse(der::Input& input, Context& context)
         return der::Fail(SEC_ERROR_BAD_DER);
       }
 
-      // Unwrap the SEQUENCE that contains the certificate, which is itself a
-      // SEQUENCE.
-      der::Input::Mark mark(input.GetMark());
-      if (der::ExpectTagAndSkipValue(input, der::SEQUENCE) != der::Success) {
-        return der::Failure;
-      }
-
-      if (input.GetSECItem(siBuffer, mark, certs[numCerts]) != der::Success) {
+      if (der::ExpectTagAndGetTLV(input, der::SEQUENCE, certs[numCerts])
+            != der::Success) {
         return der::Failure;
       }
       ++numCerts;

lib/mozpkix/test/gtest/pkixder_input_tests.cpp

@@ -700,6 +700,66 @@ TEST_F(pkixder_input_tests, ExpectTagAndGetLength_SECItem_InvalidWrongTag)
   ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
 }
 
+TEST_F(pkixder_input_tests, ExpectTagAndGetTLV_SECItem_ValidEmpty)
+{
+  Input input;
+  ASSERT_EQ(Success,
+            input.Init(DER_SEQUENCE_EMPTY, sizeof DER_SEQUENCE_EMPTY));
+  SECItem tlv = { siBuffer, nullptr, 5 };
+  ASSERT_EQ(Success, ExpectTagAndGetTLV(input, SEQUENCE, tlv));
+  ASSERT_EQ(sizeof DER_SEQUENCE_EMPTY, tlv.len);
+  ASSERT_TRUE(tlv.data);
+  ASSERT_FALSE(memcmp(tlv.data, DER_SEQUENCE_EMPTY,
+                      sizeof DER_SEQUENCE_EMPTY));
+  ASSERT_TRUE(input.AtEnd());
+}
+
+TEST_F(pkixder_input_tests, ExpectTagAndGetTLV_SECItem_ValidNotEmpty)
+{
+  Input input;
+  ASSERT_EQ(Success,
+            input.Init(DER_SEQUENCE_NOT_EMPTY, sizeof DER_SEQUENCE_NOT_EMPTY));
+  SECItem tlv;
+  ASSERT_EQ(Success, ExpectTagAndGetTLV(input, SEQUENCE, tlv));
+  ASSERT_EQ(sizeof(DER_SEQUENCE_NOT_EMPTY), tlv.len);
+  ASSERT_TRUE(tlv.data);
+  ASSERT_FALSE(memcmp(tlv.data, DER_SEQUENCE_NOT_EMPTY,
+                      sizeof(DER_SEQUENCE_NOT_EMPTY)));
+  ASSERT_TRUE(input.AtEnd());
+}
+
+TEST_F(pkixder_input_tests,
+       ExpectTagAndGetTLV_SECItem_InvalidNotEmptyValueTruncated)
+{
+  Input input;
+  ASSERT_EQ(Success,
+            input.Init(DER_SEQUENCE_NOT_EMPTY_VALUE_TRUNCATED,
+                       sizeof DER_SEQUENCE_NOT_EMPTY_VALUE_TRUNCATED));
+  SECItem tlv;
+  ASSERT_EQ(Failure, ExpectTagAndGetTLV(input, SEQUENCE, tlv));
+  ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
+
+TEST_F(pkixder_input_tests, ExpectTagAndGetTLV_SECItem_InvalidWrongLength)
+{
+  Input input;
+  ASSERT_EQ(Success, input.Init(DER_TRUNCATED_SEQUENCE_OF_INT8,
+                                sizeof DER_TRUNCATED_SEQUENCE_OF_INT8));
+  SECItem tlv;
+  ASSERT_EQ(Failure, ExpectTagAndGetTLV(input, SEQUENCE, tlv));
+  ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
+
+TEST_F(pkixder_input_tests, ExpectTagAndGetTLV_SECItem_InvalidWrongTag)
+{
+  Input input;
+  ASSERT_EQ(Success,
+            input.Init(DER_SEQUENCE_NOT_EMPTY, sizeof DER_SEQUENCE_NOT_EMPTY));
+  SECItem tlv;
+  ASSERT_EQ(Failure, ExpectTagAndGetTLV(input, INTEGER, tlv));
+  ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
+
 TEST_F(pkixder_input_tests, ExpectTagAndSkipLength)
 {
   Input input;