authorLorry Tar Creator <lorry-tar-importer@lorry>2017-01-04 14:24:24 +0000
committerLorry Tar Creator <lorry-tar-importer@lorry>2017-01-04 14:24:24 +0000
commitdc1565216a5d20ae0d75872151523252309a1292 (patch)
treed57454ba9a40386552179eddf60d28bd1e8f3d54 /nss/lib/pkcs7/p7create.c
parent26c046fbc57d53136b4fb3b5e0d18298318125d4 (diff)
downloadnss-dc1565216a5d20ae0d75872151523252309a1292.tar.gz
nss-3.28.1nss-3.28.1
Diffstat (limited to 'nss/lib/pkcs7/p7create.c')
-rw-r--r--nss/lib/pkcs7/p7create.c1048
1 files changed, 502 insertions, 546 deletions
diff --git a/nss/lib/pkcs7/p7create.c b/nss/lib/pkcs7/p7create.c
index 983b7b5..fcf0cad 100644
--- a/nss/lib/pkcs7/p7create.c
+++ b/nss/lib/pkcs7/p7create.c
@@ -21,106 +21,104 @@
const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */
static SECStatus
-sec_pkcs7_init_content_info (SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp,
- SECOidTag kind, PRBool detached)
+sec_pkcs7_init_content_info(SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp,
+ SECOidTag kind, PRBool detached)
{
void *thing;
int version;
SECItem *versionp;
SECStatus rv;
- PORT_Assert (cinfo != NULL && poolp != NULL);
+ PORT_Assert(cinfo != NULL && poolp != NULL);
if (cinfo == NULL || poolp == NULL)
- return SECFailure;
+ return SECFailure;
- cinfo->contentTypeTag = SECOID_FindOIDByTag (kind);
- PORT_Assert (cinfo->contentTypeTag
- && cinfo->contentTypeTag->offset == kind);
+ cinfo->contentTypeTag = SECOID_FindOIDByTag(kind);
+ PORT_Assert(cinfo->contentTypeTag && cinfo->contentTypeTag->offset == kind);
- rv = SECITEM_CopyItem (poolp, &(cinfo->contentType),
- &(cinfo->contentTypeTag->oid));
+ rv = SECITEM_CopyItem(poolp, &(cinfo->contentType),
+ &(cinfo->contentTypeTag->oid));
if (rv != SECSuccess)
- return rv;
+ return rv;
if (detached)
- return SECSuccess;
+ return SECSuccess;
switch (kind) {
- default:
- case SEC_OID_PKCS7_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SECItem));
- cinfo->content.data = (SECItem*)thing;
- versionp = NULL;
- version = -1;
- break;
- case SEC_OID_PKCS7_DIGESTED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7DigestedData));
- cinfo->content.digestedData = (SEC_PKCS7DigestedData*)thing;
- versionp = &(cinfo->content.digestedData->version);
- version = SEC_PKCS7_DIGESTED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_ENCRYPTED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7EncryptedData));
- cinfo->content.encryptedData = (SEC_PKCS7EncryptedData*)thing;
- versionp = &(cinfo->content.encryptedData->version);
- version = SEC_PKCS7_ENCRYPTED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7EnvelopedData));
- cinfo->content.envelopedData =
- (SEC_PKCS7EnvelopedData*)thing;
- versionp = &(cinfo->content.envelopedData->version);
- version = SEC_PKCS7_ENVELOPED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_SIGNED_DATA:
- thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7SignedData));
- cinfo->content.signedData =
- (SEC_PKCS7SignedData*)thing;
- versionp = &(cinfo->content.signedData->version);
- version = SEC_PKCS7_SIGNED_DATA_VERSION;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- thing = PORT_ArenaZAlloc(poolp,sizeof(SEC_PKCS7SignedAndEnvelopedData));
- cinfo->content.signedAndEnvelopedData =
- (SEC_PKCS7SignedAndEnvelopedData*)thing;
- versionp = &(cinfo->content.signedAndEnvelopedData->version);
- version = SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION;
- break;
+ default:
+ case SEC_OID_PKCS7_DATA:
+ thing = PORT_ArenaZAlloc(poolp, sizeof(SECItem));
+ cinfo->content.data = (SECItem *)thing;
+ versionp = NULL;
+ version = -1;
+ break;
+ case SEC_OID_PKCS7_DIGESTED_DATA:
+ thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7DigestedData));
+ cinfo->content.digestedData = (SEC_PKCS7DigestedData *)thing;
+ versionp = &(cinfo->content.digestedData->version);
+ version = SEC_PKCS7_DIGESTED_DATA_VERSION;
+ break;
+ case SEC_OID_PKCS7_ENCRYPTED_DATA:
+ thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7EncryptedData));
+ cinfo->content.encryptedData = (SEC_PKCS7EncryptedData *)thing;
+ versionp = &(cinfo->content.encryptedData->version);
+ version = SEC_PKCS7_ENCRYPTED_DATA_VERSION;
+ break;
+ case SEC_OID_PKCS7_ENVELOPED_DATA:
+ thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7EnvelopedData));
+ cinfo->content.envelopedData =
+ (SEC_PKCS7EnvelopedData *)thing;
+ versionp = &(cinfo->content.envelopedData->version);
+ version = SEC_PKCS7_ENVELOPED_DATA_VERSION;
+ break;
+ case SEC_OID_PKCS7_SIGNED_DATA:
+ thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7SignedData));
+ cinfo->content.signedData =
+ (SEC_PKCS7SignedData *)thing;
+ versionp = &(cinfo->content.signedData->version);
+ version = SEC_PKCS7_SIGNED_DATA_VERSION;
+ break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+ thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7SignedAndEnvelopedData));
+ cinfo->content.signedAndEnvelopedData =
+ (SEC_PKCS7SignedAndEnvelopedData *)thing;
+ versionp = &(cinfo->content.signedAndEnvelopedData->version);
+ version = SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION;
+ break;
}
if (thing == NULL)
- return SECFailure;
+ return SECFailure;
if (versionp != NULL) {
- SECItem *dummy;
+ SECItem *dummy;
- PORT_Assert (version >= 0);
- dummy = SEC_ASN1EncodeInteger (poolp, versionp, version);
- if (dummy == NULL)
- return SECFailure;
- PORT_Assert (dummy == versionp);
+ PORT_Assert(version >= 0);
+ dummy = SEC_ASN1EncodeInteger(poolp, versionp, version);
+ if (dummy == NULL)
+ return SECFailure;
+ PORT_Assert(dummy == versionp);
}
return SECSuccess;
}
-
static SEC_PKCS7ContentInfo *
-sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+sec_pkcs7_create_content_info(SECOidTag kind, PRBool detached,
+ SECKEYGetPasswordKey pwfn, void *pwfn_arg)
{
SEC_PKCS7ContentInfo *cinfo;
PLArenaPool *poolp;
SECStatus rv;
- poolp = PORT_NewArena (1024); /* XXX what is right value? */
+ poolp = PORT_NewArena(1024); /* XXX what is right value? */
if (poolp == NULL)
- return NULL;
+ return NULL;
- cinfo = (SEC_PKCS7ContentInfo*)PORT_ArenaZAlloc (poolp, sizeof(*cinfo));
+ cinfo = (SEC_PKCS7ContentInfo *)PORT_ArenaZAlloc(poolp, sizeof(*cinfo));
if (cinfo == NULL) {
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
+ PORT_FreeArena(poolp, PR_FALSE);
+ return NULL;
}
cinfo->poolp = poolp;
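Review bot: In sec_pkcs7_init_content_info the result of `SECOID_FindOIDByTag(kind)` is guarded only by `PORT_Assert`, yet the very next statement reads `cinfo->contentTypeTag->oid`. If PORT_Assert is compiled out of non-debug builds (the usual arrangement for NSS assertions, not visible on this page), a `kind` with no OID table entry becomes a NULL dereference; the switch's `default:` label would otherwise accept such a value. The function already backs its first assertion with a runtime test for `cinfo`/`poolp`, and the lookup deserves the same treatment: `if (cinfo->contentTypeTag == NULL) return SECFailure;` placed directly after the lookup. The reformatting leaves this behaviour as it was.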
@@ -129,16 +127,15 @@ sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached,
cinfo->created = PR_TRUE;
cinfo->refCount = 1;
- rv = sec_pkcs7_init_content_info (cinfo, poolp, kind, detached);
+ rv = sec_pkcs7_init_content_info(cinfo, poolp, kind, detached);
if (rv != SECSuccess) {
- PORT_FreeArena (poolp, PR_FALSE);
- return NULL;
+ PORT_FreeArena(poolp, PR_FALSE);
+ return NULL;
}
return cinfo;
}
-
/*
* Add a signer to a PKCS7 thing, verifying the signature cert first.
* Any error returns SECFailure.
@@ -147,45 +144,41 @@ sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached,
* to add a second one -- this needs to be fixed.
*/
static SECStatus
-sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate * cert,
- SECCertUsage certusage,
- CERTCertDBHandle * certdb,
- SECOidTag digestalgtag,
- SECItem * digestdata)
+sec_pkcs7_add_signer(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertificate *cert,
+ SECCertUsage certusage,
+ CERTCertDBHandle *certdb,
+ SECOidTag digestalgtag,
+ SECItem *digestdata)
{
SEC_PKCS7SignerInfo *signerinfo, **signerinfos, ***signerinfosp;
- SECAlgorithmID *digestalg, **digestalgs, ***digestalgsp;
- SECItem *digest, **digests, ***digestsp;
- SECItem * dummy;
- void * mark;
- SECStatus rv;
- SECOidTag kind;
-
- kind = SEC_PKCS7ContentType (cinfo);
+ SECAlgorithmID *digestalg, **digestalgs, ***digestalgsp;
+ SECItem *digest, **digests, ***digestsp;
+ SECItem *dummy;
+ void *mark;
+ SECStatus rv;
+ SECOidTag kind;
+
+ kind = SEC_PKCS7ContentType(cinfo);
switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- digestalgsp = &(sdp->digestAlgorithms);
- digestsp = &(sdp->digests);
- signerinfosp = &(sdp->signerInfos);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- digestalgsp = &(saedp->digestAlgorithms);
- digestsp = &(saedp->digests);
- signerinfosp = &(saedp->signerInfos);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
+ case SEC_OID_PKCS7_SIGNED_DATA: {
+ SEC_PKCS7SignedData *sdp;
+
+ sdp = cinfo->content.signedData;
+ digestalgsp = &(sdp->digestAlgorithms);
+ digestsp = &(sdp->digests);
+ signerinfosp = &(sdp->signerInfos);
+ } break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+ SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+ saedp = cinfo->content.signedAndEnvelopedData;
+ digestalgsp = &(saedp->digestAlgorithms);
+ digestsp = &(saedp->digests);
+ signerinfosp = &(saedp->signerInfos);
+ } break;
+ default:
+ return SECFailure; /* XXX set an error? */
}
/*
@@ -193,16 +186,15 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo,
* a NULL database.
*/
if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL)
- return SECFailure; /* XXX set an error? */
+ certdb = CERT_GetDefaultCertDB();
+ if (certdb == NULL)
+ return SECFailure; /* XXX set an error? */
}
- if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, PR_Now(),
- cinfo->pwfn_arg, NULL) != SECSuccess)
- {
- /* XXX Did CERT_VerifyCert set an error? */
- return SECFailure;
+ if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, PR_Now(),
+ cinfo->pwfn_arg, NULL) != SECSuccess) {
+ /* XXX Did CERT_VerifyCert set an error? */
+ return SECFailure;
}
/*
@@ -210,45 +202,44 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo,
* This is not what we really want -- we want to allow this
* and *add* the new signer.
*/
- PORT_Assert (*signerinfosp == NULL
- && *digestalgsp == NULL && *digestsp == NULL);
+ PORT_Assert(*signerinfosp == NULL && *digestalgsp == NULL && *digestsp == NULL);
if (*signerinfosp != NULL || *digestalgsp != NULL || *digestsp != NULL)
- return SECFailure;
+ return SECFailure;
- mark = PORT_ArenaMark (cinfo->poolp);
+ mark = PORT_ArenaMark(cinfo->poolp);
- signerinfo = (SEC_PKCS7SignerInfo*)PORT_ArenaZAlloc (cinfo->poolp,
- sizeof(SEC_PKCS7SignerInfo));
+ signerinfo = (SEC_PKCS7SignerInfo *)PORT_ArenaZAlloc(cinfo->poolp,
+ sizeof(SEC_PKCS7SignerInfo));
if (signerinfo == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- dummy = SEC_ASN1EncodeInteger (cinfo->poolp, &signerinfo->version,
- SEC_PKCS7_SIGNER_INFO_VERSION);
+ dummy = SEC_ASN1EncodeInteger(cinfo->poolp, &signerinfo->version,
+ SEC_PKCS7_SIGNER_INFO_VERSION);
if (dummy == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- PORT_Assert (dummy == &signerinfo->version);
+ PORT_Assert(dummy == &signerinfo->version);
- signerinfo->cert = CERT_DupCertificate (cert);
+ signerinfo->cert = CERT_DupCertificate(cert);
if (signerinfo->cert == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- signerinfo->issuerAndSN = CERT_GetCertIssuerAndSN (cinfo->poolp, cert);
+ signerinfo->issuerAndSN = CERT_GetCertIssuerAndSN(cinfo->poolp, cert);
if (signerinfo->issuerAndSN == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- rv = SECOID_SetAlgorithmID (cinfo->poolp, &signerinfo->digestAlg,
- digestalgtag, NULL);
+ rv = SECOID_SetAlgorithmID(cinfo->poolp, &signerinfo->digestAlg,
+ digestalgtag, NULL);
if (rv != SECSuccess) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
/*
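Review bot: After `signerinfo->cert = CERT_DupCertificate(cert);` succeeds, the two later failure paths in this hunk (after `CERT_GetCertIssuerAndSN` and `SECOID_SetAlgorithmID`) only call `PORT_ArenaRelease(cinfo->poolp, mark)`. That discards `signerinfo` itself but, as far as the visible code shows, never drops the certificate reference it holds, so the reference looks leaked on every such error. Calling `CERT_DestroyCertificate(signerinfo->cert);` before the release on those paths would fix it. The failure returns in the following hunk (the `signerinfos`, `digestalg`/`digestalgs` and `digest` allocations) have the same shape. sec_pkcs7_add_signer begins before and continues after this hunk.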
@@ -265,46 +256,46 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo,
* should be *added* to the set already found.
*/
- signerinfos = (SEC_PKCS7SignerInfo**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(SEC_PKCS7SignerInfo *));
+ signerinfos = (SEC_PKCS7SignerInfo **)PORT_ArenaAlloc(cinfo->poolp,
+ 2 * sizeof(SEC_PKCS7SignerInfo *));
if (signerinfos == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
signerinfos[0] = signerinfo;
signerinfos[1] = NULL;
- digestalg = PORT_ArenaZAlloc (cinfo->poolp, sizeof(SECAlgorithmID));
- digestalgs = PORT_ArenaAlloc (cinfo->poolp, 2 * sizeof(SECAlgorithmID *));
+ digestalg = PORT_ArenaZAlloc(cinfo->poolp, sizeof(SECAlgorithmID));
+ digestalgs = PORT_ArenaAlloc(cinfo->poolp, 2 * sizeof(SECAlgorithmID *));
if (digestalg == NULL || digestalgs == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- rv = SECOID_SetAlgorithmID (cinfo->poolp, digestalg, digestalgtag, NULL);
+ rv = SECOID_SetAlgorithmID(cinfo->poolp, digestalg, digestalgtag, NULL);
if (rv != SECSuccess) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
digestalgs[0] = digestalg;
digestalgs[1] = NULL;
if (digestdata != NULL) {
- digest = (SECItem*)PORT_ArenaAlloc (cinfo->poolp, sizeof(SECItem));
- digests = (SECItem**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(SECItem *));
- if (digest == NULL || digests == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- rv = SECITEM_CopyItem (cinfo->poolp, digest, digestdata);
- if (rv != SECSuccess) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
- }
- digests[0] = digest;
- digests[1] = NULL;
+ digest = (SECItem *)PORT_ArenaAlloc(cinfo->poolp, sizeof(SECItem));
+ digests = (SECItem **)PORT_ArenaAlloc(cinfo->poolp,
+ 2 * sizeof(SECItem *));
+ if (digest == NULL || digests == NULL) {
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
+ }
+ rv = SECITEM_CopyItem(cinfo->poolp, digest, digestdata);
+ if (rv != SECSuccess) {
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
+ }
+ digests[0] = digest;
+ digests[1] = NULL;
} else {
- digests = NULL;
+ digests = NULL;
}
*signerinfosp = signerinfos;
@@ -315,40 +306,38 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo,
return SECSuccess;
}
-
/*
* Helper function for creating an empty signedData.
*/
static SEC_PKCS7ContentInfo *
-sec_pkcs7_create_signed_data (SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+sec_pkcs7_create_signed_data(SECKEYGetPasswordKey pwfn, void *pwfn_arg)
{
SEC_PKCS7ContentInfo *cinfo;
SEC_PKCS7SignedData *sigd;
SECStatus rv;
- cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_SIGNED_DATA, PR_FALSE,
- pwfn, pwfn_arg);
+ cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_SIGNED_DATA, PR_FALSE,
+ pwfn, pwfn_arg);
if (cinfo == NULL)
- return NULL;
+ return NULL;
sigd = cinfo->content.signedData;
- PORT_Assert (sigd != NULL);
+ PORT_Assert(sigd != NULL);
/*
* XXX Might we want to allow content types other than data?
* If so, via what interface?
*/
- rv = sec_pkcs7_init_content_info (&(sigd->contentInfo), cinfo->poolp,
- SEC_OID_PKCS7_DATA, PR_TRUE);
+ rv = sec_pkcs7_init_content_info(&(sigd->contentInfo), cinfo->poolp,
+ SEC_OID_PKCS7_DATA, PR_TRUE);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
return cinfo;
}
-
/*
* Start a PKCS7 signing context.
*
@@ -378,70 +367,69 @@ sec_pkcs7_create_signed_data (SECKEYGetPasswordKey pwfn, void *pwfn_arg)
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateSignedData (CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb,
- SECOidTag digestalg,
- SECItem *digest,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+SEC_PKCS7CreateSignedData(CERTCertificate *cert,
+ SECCertUsage certusage,
+ CERTCertDBHandle *certdb,
+ SECOidTag digestalg,
+ SECItem *digest,
+ SECKEYGetPasswordKey pwfn, void *pwfn_arg)
{
SEC_PKCS7ContentInfo *cinfo;
SECStatus rv;
- cinfo = sec_pkcs7_create_signed_data (pwfn, pwfn_arg);
+ cinfo = sec_pkcs7_create_signed_data(pwfn, pwfn_arg);
if (cinfo == NULL)
- return NULL;
+ return NULL;
- rv = sec_pkcs7_add_signer (cinfo, cert, certusage, certdb,
- digestalg, digest);
+ rv = sec_pkcs7_add_signer(cinfo, cert, certusage, certdb,
+ digestalg, digest);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
return cinfo;
}
-
static SEC_PKCS7Attribute *
-sec_pkcs7_create_attribute (PLArenaPool *poolp, SECOidTag oidtag,
- SECItem *value, PRBool encoded)
+sec_pkcs7_create_attribute(PLArenaPool *poolp, SECOidTag oidtag,
+ SECItem *value, PRBool encoded)
{
SEC_PKCS7Attribute *attr;
SECItem **values;
void *mark;
- PORT_Assert (poolp != NULL);
- mark = PORT_ArenaMark (poolp);
+ PORT_Assert(poolp != NULL);
+ mark = PORT_ArenaMark(poolp);
- attr = (SEC_PKCS7Attribute*)PORT_ArenaAlloc (poolp,
- sizeof(SEC_PKCS7Attribute));
+ attr = (SEC_PKCS7Attribute *)PORT_ArenaAlloc(poolp,
+ sizeof(SEC_PKCS7Attribute));
if (attr == NULL)
- goto loser;
+ goto loser;
- attr->typeTag = SECOID_FindOIDByTag (oidtag);
+ attr->typeTag = SECOID_FindOIDByTag(oidtag);
if (attr->typeTag == NULL)
- goto loser;
+ goto loser;
- if (SECITEM_CopyItem (poolp, &(attr->type),
- &(attr->typeTag->oid)) != SECSuccess)
- goto loser;
+ if (SECITEM_CopyItem(poolp, &(attr->type),
+ &(attr->typeTag->oid)) != SECSuccess)
+ goto loser;
- values = (SECItem**)PORT_ArenaAlloc (poolp, 2 * sizeof(SECItem *));
+ values = (SECItem **)PORT_ArenaAlloc(poolp, 2 * sizeof(SECItem *));
if (values == NULL)
- goto loser;
+ goto loser;
if (value != NULL) {
- SECItem *copy;
+ SECItem *copy;
- copy = (SECItem*)PORT_ArenaAlloc (poolp, sizeof(SECItem));
- if (copy == NULL)
- goto loser;
+ copy = (SECItem *)PORT_ArenaAlloc(poolp, sizeof(SECItem));
+ if (copy == NULL)
+ goto loser;
- if (SECITEM_CopyItem (poolp, copy, value) != SECSuccess)
- goto loser;
+ if (SECITEM_CopyItem(poolp, copy, value) != SECSuccess)
+ goto loser;
- value = copy;
+ value = copy;
}
values[0] = value;
@@ -449,62 +437,61 @@ sec_pkcs7_create_attribute (PLArenaPool *poolp, SECOidTag oidtag,
attr->values = values;
attr->encoded = encoded;
- PORT_ArenaUnmark (poolp, mark);
+ PORT_ArenaUnmark(poolp, mark);
return attr;
loser:
- PORT_Assert (mark != NULL);
- PORT_ArenaRelease (poolp, mark);
+ PORT_Assert(mark != NULL);
+ PORT_ArenaRelease(poolp, mark);
return NULL;
}
-
static SECStatus
-sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo,
- SEC_PKCS7Attribute ***attrsp,
- SEC_PKCS7Attribute *attr)
+sec_pkcs7_add_attribute(SEC_PKCS7ContentInfo *cinfo,
+ SEC_PKCS7Attribute ***attrsp,
+ SEC_PKCS7Attribute *attr)
{
SEC_PKCS7Attribute **attrs;
SECItem *ct_value;
void *mark;
- PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return SECFailure;
+ PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
+ if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+ return SECFailure;
attrs = *attrsp;
if (attrs != NULL) {
- int count;
+ int count;
- /*
+ /*
* We already have some attributes, and just need to add this
* new one.
*/
- /*
+ /*
* We should already have the *required* attributes, which were
* created/added at the same time the first attribute was added.
*/
- PORT_Assert (sec_PKCS7FindAttribute (attrs,
- SEC_OID_PKCS9_CONTENT_TYPE,
- PR_FALSE) != NULL);
- PORT_Assert (sec_PKCS7FindAttribute (attrs,
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- PR_FALSE) != NULL);
-
- for (count = 0; attrs[count] != NULL; count++)
- ;
- attrs = (SEC_PKCS7Attribute**)PORT_ArenaGrow (cinfo->poolp, attrs,
- (count + 1) * sizeof(SEC_PKCS7Attribute *),
- (count + 2) * sizeof(SEC_PKCS7Attribute *));
- if (attrs == NULL)
- return SECFailure;
-
- attrs[count] = attr;
- attrs[count+1] = NULL;
- *attrsp = attrs;
-
- return SECSuccess;
+ PORT_Assert(sec_PKCS7FindAttribute(attrs,
+ SEC_OID_PKCS9_CONTENT_TYPE,
+ PR_FALSE) != NULL);
+ PORT_Assert(sec_PKCS7FindAttribute(attrs,
+ SEC_OID_PKCS9_MESSAGE_DIGEST,
+ PR_FALSE) != NULL);
+
+ for (count = 0; attrs[count] != NULL; count++)
+ ;
+ attrs = (SEC_PKCS7Attribute **)PORT_ArenaGrow(cinfo->poolp, attrs,
+ (count + 1) * sizeof(SEC_PKCS7Attribute *),
+ (count + 2) * sizeof(SEC_PKCS7Attribute *));
+ if (attrs == NULL)
+ return SECFailure;
+
+ attrs[count] = attr;
+ attrs[count + 1] = NULL;
+ *attrsp = attrs;
+
+ return SECSuccess;
}
/*
@@ -517,43 +504,42 @@ sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo,
* There are 2 required attributes, plus the one our caller wants
* to add, plus we always end with a NULL one. Thus, four slots.
*/
- attrs = (SEC_PKCS7Attribute**)PORT_ArenaAlloc (cinfo->poolp,
- 4 * sizeof(SEC_PKCS7Attribute *));
+ attrs = (SEC_PKCS7Attribute **)PORT_ArenaAlloc(cinfo->poolp,
+ 4 * sizeof(SEC_PKCS7Attribute *));
if (attrs == NULL)
- return SECFailure;
+ return SECFailure;
- mark = PORT_ArenaMark (cinfo->poolp);
+ mark = PORT_ArenaMark(cinfo->poolp);
/*
* First required attribute is the content type of the data
* being signed.
*/
ct_value = &(cinfo->content.signedData->contentInfo.contentType);
- attrs[0] = sec_pkcs7_create_attribute (cinfo->poolp,
- SEC_OID_PKCS9_CONTENT_TYPE,
- ct_value, PR_FALSE);
+ attrs[0] = sec_pkcs7_create_attribute(cinfo->poolp,
+ SEC_OID_PKCS9_CONTENT_TYPE,
+ ct_value, PR_FALSE);
/*
* Second required attribute is the message digest of the data
* being signed; we leave the value NULL for now (just create
* the place for it to go), and the encoder will fill it in later.
*/
- attrs[1] = sec_pkcs7_create_attribute (cinfo->poolp,
- SEC_OID_PKCS9_MESSAGE_DIGEST,
- NULL, PR_FALSE);
+ attrs[1] = sec_pkcs7_create_attribute(cinfo->poolp,
+ SEC_OID_PKCS9_MESSAGE_DIGEST,
+ NULL, PR_FALSE);
if (attrs[0] == NULL || attrs[1] == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
attrs[2] = attr;
attrs[3] = NULL;
*attrsp = attrs;
- PORT_ArenaUnmark (cinfo->poolp, mark);
+ PORT_ArenaUnmark(cinfo->poolp, mark);
return SECSuccess;
}
-
/*
* Add the signing time to the authenticated (i.e. signed) attributes
* of "cinfo". This is expected to be included in outgoing signed
@@ -571,7 +557,7 @@ sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo,
* if it is not.
*/
SECStatus
-SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo)
+SEC_PKCS7AddSigningTime(SEC_PKCS7ContentInfo *cinfo)
{
SEC_PKCS7SignerInfo **signerinfos;
SEC_PKCS7Attribute *attr;
@@ -579,48 +565,47 @@ SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo)
SECStatus rv;
int si;
- PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return SECFailure;
+ PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
+ if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+ return SECFailure;
signerinfos = cinfo->content.signedData->signerInfos;
/* There has to be a signer, or it makes no sense. */
if (signerinfos == NULL || signerinfos[0] == NULL)
- return SECFailure;
+ return SECFailure;
rv = DER_EncodeTimeChoice(NULL, &stime, PR_Now());
if (rv != SECSuccess)
- return rv;
+ return rv;
- attr = sec_pkcs7_create_attribute (cinfo->poolp,
- SEC_OID_PKCS9_SIGNING_TIME,
- &stime, PR_FALSE);
- SECITEM_FreeItem (&stime, PR_FALSE);
+ attr = sec_pkcs7_create_attribute(cinfo->poolp,
+ SEC_OID_PKCS9_SIGNING_TIME,
+ &stime, PR_FALSE);
+ SECITEM_FreeItem(&stime, PR_FALSE);
if (attr == NULL)
- return SECFailure;
+ return SECFailure;
rv = SECSuccess;
for (si = 0; signerinfos[si] != NULL; si++) {
- SEC_PKCS7Attribute *oattr;
-
- oattr = sec_PKCS7FindAttribute (signerinfos[si]->authAttr,
- SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE);
- PORT_Assert (oattr == NULL);
- if (oattr != NULL)
- continue; /* XXX or would it be better to replace it? */
-
- rv = sec_pkcs7_add_attribute (cinfo, &(signerinfos[si]->authAttr),
- attr);
- if (rv != SECSuccess)
- break; /* could try to continue, but may as well give up now */
+ SEC_PKCS7Attribute *oattr;
+
+ oattr = sec_PKCS7FindAttribute(signerinfos[si]->authAttr,
+ SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE);
+ PORT_Assert(oattr == NULL);
+ if (oattr != NULL)
+ continue; /* XXX or would it be better to replace it? */
+
+ rv = sec_pkcs7_add_attribute(cinfo, &(signerinfos[si]->authAttr),
+ attr);
+ if (rv != SECSuccess)
+ break; /* could try to continue, but may as well give up now */
}
return rv;
}
-
/*
* Add the specified attribute to the authenticated (i.e. signed) attributes
* of "cinfo" -- "oidtag" describes the attribute and "value" is the
@@ -640,16 +625,16 @@ SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo)
* if it is not.
*/
SECStatus
-SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
- SECOidTag oidtag,
- SECItem *value)
+SEC_PKCS7AddSignedAttribute(SEC_PKCS7ContentInfo *cinfo,
+ SECOidTag oidtag,
+ SECItem *value)
{
SEC_PKCS7SignerInfo **signerinfos;
SEC_PKCS7Attribute *attr;
- PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
- if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
- return SECFailure;
+ PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
+ if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+ return SECFailure;
signerinfos = cinfo->content.signedData->signerInfos;
@@ -657,15 +642,14 @@ SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
* No signature or more than one means no deal.
*/
if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
- return SECFailure;
+ return SECFailure;
- attr = sec_pkcs7_create_attribute (cinfo->poolp, oidtag, value, PR_TRUE);
+ attr = sec_pkcs7_create_attribute(cinfo->poolp, oidtag, value, PR_TRUE);
if (attr == NULL)
- return SECFailure;
+ return SECFailure;
- return sec_pkcs7_add_attribute (cinfo, &(signerinfos[0]->authAttr), attr);
+ return sec_pkcs7_add_attribute(cinfo, &(signerinfos[0]->authAttr), attr);
}
-
/*
* Mark that the signer certificates and their issuing chain should
@@ -679,115 +663,110 @@ SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
* SECFailure will be returned if it is not.
*/
SECStatus
-SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertDBHandle *certdb)
+SEC_PKCS7IncludeCertChain(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertDBHandle *certdb)
{
SECOidTag kind;
SEC_PKCS7SignerInfo *signerinfo, **signerinfos;
- kind = SEC_PKCS7ContentType (cinfo);
+ kind = SEC_PKCS7ContentType(cinfo);
switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- signerinfos = cinfo->content.signedData->signerInfos;
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
- break;
- default:
- return SECFailure; /* XXX set an error? */
+ case SEC_OID_PKCS7_SIGNED_DATA:
+ signerinfos = cinfo->content.signedData->signerInfos;
+ break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+ signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
+ break;
+ default:
+ return SECFailure; /* XXX set an error? */
}
- if (signerinfos == NULL) /* no signer, no certs? */
- return SECFailure; /* XXX set an error? */
+ if (signerinfos == NULL) /* no signer, no certs? */
+ return SECFailure; /* XXX set an error? */
if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL) {
- PORT_SetError (SEC_ERROR_BAD_DATABASE);
- return SECFailure;
- }
+ certdb = CERT_GetDefaultCertDB();
+ if (certdb == NULL) {
+ PORT_SetError(SEC_ERROR_BAD_DATABASE);
+ return SECFailure;
+ }
}
/* XXX Should it be an error if we find no signerinfo or no certs? */
while ((signerinfo = *signerinfos++) != NULL) {
- if (signerinfo->cert != NULL)
- /* get the cert chain. don't send the root to avoid contamination
+ if (signerinfo->cert != NULL)
+ /* get the cert chain. don't send the root to avoid contamination
* of old clients with a new root that they don't trust
*/
- signerinfo->certList = CERT_CertChainFromCert (signerinfo->cert,
- certUsageEmailSigner,
- PR_FALSE);
+ signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert,
+ certUsageEmailSigner,
+ PR_FALSE);
}
return SECSuccess;
}
-
/*
* Helper function to add a certificate chain for inclusion in the
* bag of certificates in a signedData.
*/
static SECStatus
-sec_pkcs7_add_cert_chain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- CERTCertDBHandle *certdb)
+sec_pkcs7_add_cert_chain(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertificate *cert,
+ CERTCertDBHandle *certdb)
{
SECOidTag kind;
CERTCertificateList *certlist, **certlists, ***certlistsp;
int count;
- kind = SEC_PKCS7ContentType (cinfo);
+ kind = SEC_PKCS7ContentType(cinfo);
switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- certlistsp = &(sdp->certLists);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- certlistsp = &(saedp->certLists);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
+ case SEC_OID_PKCS7_SIGNED_DATA: {
+ SEC_PKCS7SignedData *sdp;
+
+ sdp = cinfo->content.signedData;
+ certlistsp = &(sdp->certLists);
+ } break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+ SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+ saedp = cinfo->content.signedAndEnvelopedData;
+ certlistsp = &(saedp->certLists);
+ } break;
+ default:
+ return SECFailure; /* XXX set an error? */
}
if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL) {
- PORT_SetError (SEC_ERROR_BAD_DATABASE);
- return SECFailure;
- }
+ certdb = CERT_GetDefaultCertDB();
+ if (certdb == NULL) {
+ PORT_SetError(SEC_ERROR_BAD_DATABASE);
+ return SECFailure;
+ }
}
- certlist = CERT_CertChainFromCert (cert, certUsageEmailSigner, PR_FALSE);
+ certlist = CERT_CertChainFromCert(cert, certUsageEmailSigner, PR_FALSE);
if (certlist == NULL)
- return SECFailure;
+ return SECFailure;
certlists = *certlistsp;
if (certlists == NULL) {
- count = 0;
- certlists = (CERTCertificateList**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(CERTCertificateList *));
+ count = 0;
+ certlists = (CERTCertificateList **)PORT_ArenaAlloc(cinfo->poolp,
+ 2 * sizeof(CERTCertificateList *));
} else {
- for (count = 0; certlists[count] != NULL; count++)
- ;
- PORT_Assert (count); /* should be at least one already */
- certlists = (CERTCertificateList**)PORT_ArenaGrow (cinfo->poolp,
- certlists,
- (count + 1) * sizeof(CERTCertificateList *),
- (count + 2) * sizeof(CERTCertificateList *));
+ for (count = 0; certlists[count] != NULL; count++)
+ ;
+ PORT_Assert(count); /* should be at least one already */
+ certlists = (CERTCertificateList **)PORT_ArenaGrow(cinfo->poolp,
+ certlists,
+ (count + 1) * sizeof(CERTCertificateList *),
+ (count + 2) * sizeof(CERTCertificateList *));
}
if (certlists == NULL) {
- CERT_DestroyCertificateList (certlist);
- return SECFailure;
+ CERT_DestroyCertificateList(certlist);
+ return SECFailure;
}
certlists[count] = certlist;
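Review bot: In SEC_PKCS7IncludeCertChain the value returned by `CERT_CertChainFromCert(...)` is stored in `signerinfo->certList` without a NULL check, and the function then returns `SECSuccess` unconditionally. A caller therefore cannot tell that chain construction failed, and the signed message would presumably be emitted without the chain the recipient needs to validate the signer. Consider `if (signerinfo->certList == NULL) return SECFailure;` after the assignment, and destroying any list already stored there before overwriting it, in case the function is called twice on the same `cinfo`. The `if (signerinfo->cert != NULL)` body should also get braces, since a multi-line comment now sits between the condition and its single statement. sec_pkcs7_add_cert_chain, in the same hunk, does check the result of the same call.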
@@ -798,62 +777,57 @@ sec_pkcs7_add_cert_chain (SEC_PKCS7ContentInfo *cinfo,
return SECSuccess;
}
-
/*
* Helper function to add a certificate for inclusion in the bag of
* certificates in a signedData.
*/
static SECStatus
-sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert)
+sec_pkcs7_add_certificate(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertificate *cert)
{
SECOidTag kind;
CERTCertificate **certs, ***certsp;
int count;
- kind = SEC_PKCS7ContentType (cinfo);
+ kind = SEC_PKCS7ContentType(cinfo);
switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA:
- {
- SEC_PKCS7SignedData *sdp;
-
- sdp = cinfo->content.signedData;
- certsp = &(sdp->certs);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- certsp = &(saedp->certs);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
+ case SEC_OID_PKCS7_SIGNED_DATA: {
+ SEC_PKCS7SignedData *sdp;
+
+ sdp = cinfo->content.signedData;
+ certsp = &(sdp->certs);
+ } break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+ SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+ saedp = cinfo->content.signedAndEnvelopedData;
+ certsp = &(saedp->certs);
+ } break;
+ default:
+ return SECFailure; /* XXX set an error? */
}
- cert = CERT_DupCertificate (cert);
+ cert = CERT_DupCertificate(cert);
if (cert == NULL)
- return SECFailure;
+ return SECFailure;
certs = *certsp;
if (certs == NULL) {
- count = 0;
- certs = (CERTCertificate**)PORT_ArenaAlloc (cinfo->poolp,
- 2 * sizeof(CERTCertificate *));
+ count = 0;
+ certs = (CERTCertificate **)PORT_ArenaAlloc(cinfo->poolp,
+ 2 * sizeof(CERTCertificate *));
} else {
- for (count = 0; certs[count] != NULL; count++)
- ;
- PORT_Assert (count); /* should be at least one already */
- certs = (CERTCertificate**)PORT_ArenaGrow (cinfo->poolp, certs,
- (count + 1) * sizeof(CERTCertificate *),
- (count + 2) * sizeof(CERTCertificate *));
+ for (count = 0; certs[count] != NULL; count++)
+ ;
+ PORT_Assert(count); /* should be at least one already */
+ certs = (CERTCertificate **)PORT_ArenaGrow(cinfo->poolp, certs,
+ (count + 1) * sizeof(CERTCertificate *),
+ (count + 2) * sizeof(CERTCertificate *));
}
if (certs == NULL) {
- CERT_DestroyCertificate (cert);
- return SECFailure;
+ CERT_DestroyCertificate(cert);
+ return SECFailure;
}
certs[count] = cert;
@@ -864,7 +838,6 @@ sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo,
return SECSuccess;
}
-
/*
* Create a PKCS7 certs-only container.
*
@@ -883,31 +856,30 @@ sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo,
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateCertsOnly (CERTCertificate *cert,
- PRBool include_chain,
- CERTCertDBHandle *certdb)
+SEC_PKCS7CreateCertsOnly(CERTCertificate *cert,
+ PRBool include_chain,
+ CERTCertDBHandle *certdb)
{
SEC_PKCS7ContentInfo *cinfo;
SECStatus rv;
- cinfo = sec_pkcs7_create_signed_data (NULL, NULL);
+ cinfo = sec_pkcs7_create_signed_data(NULL, NULL);
if (cinfo == NULL)
- return NULL;
+ return NULL;
if (include_chain)
- rv = sec_pkcs7_add_cert_chain (cinfo, cert, certdb);
+ rv = sec_pkcs7_add_cert_chain(cinfo, cert, certdb);
else
- rv = sec_pkcs7_add_certificate (cinfo, cert);
+ rv = sec_pkcs7_add_certificate(cinfo, cert);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
return cinfo;
}
-
/*
* Add "cert" and its entire chain to the set of certs included in "cinfo".
*
@@ -918,21 +890,19 @@ SEC_PKCS7CreateCertsOnly (CERTCertificate *cert,
* SECFailure will be returned if it is not.
*/
SECStatus
-SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- CERTCertDBHandle *certdb)
+SEC_PKCS7AddCertChain(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertificate *cert,
+ CERTCertDBHandle *certdb)
{
SECOidTag kind;
- kind = SEC_PKCS7ContentType (cinfo);
- if (kind != SEC_OID_PKCS7_SIGNED_DATA
- && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
- return SECFailure; /* XXX set an error? */
+ kind = SEC_PKCS7ContentType(cinfo);
+ if (kind != SEC_OID_PKCS7_SIGNED_DATA && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
+ return SECFailure; /* XXX set an error? */
- return sec_pkcs7_add_cert_chain (cinfo, cert, certdb);
+ return sec_pkcs7_add_cert_chain(cinfo, cert, certdb);
}
-
/*
* Add "cert" to the set of certs included in "cinfo".
*
@@ -940,30 +910,28 @@ SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo,
* SECFailure will be returned if it is not.
*/
SECStatus
-SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert)
+SEC_PKCS7AddCertificate(SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert)
{
SECOidTag kind;
- kind = SEC_PKCS7ContentType (cinfo);
- if (kind != SEC_OID_PKCS7_SIGNED_DATA
- && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
- return SECFailure; /* XXX set an error? */
+ kind = SEC_PKCS7ContentType(cinfo);
+ if (kind != SEC_OID_PKCS7_SIGNED_DATA && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
+ return SECFailure; /* XXX set an error? */
- return sec_pkcs7_add_certificate (cinfo, cert);
+ return sec_pkcs7_add_certificate(cinfo, cert);
}
-
static SECStatus
-sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo,
- PLArenaPool *poolp,
- SECOidTag kind, PRBool detached,
- SECOidTag encalg, int keysize)
+sec_pkcs7_init_encrypted_content_info(SEC_PKCS7EncryptedContentInfo *enccinfo,
+ PLArenaPool *poolp,
+ SECOidTag kind, PRBool detached,
+ SECOidTag encalg, int keysize)
{
SECStatus rv;
- PORT_Assert (enccinfo != NULL && poolp != NULL);
+ PORT_Assert(enccinfo != NULL && poolp != NULL);
if (enccinfo == NULL || poolp == NULL)
- return SECFailure;
+ return SECFailure;
/*
* XXX Some day we may want to allow for other kinds. That needs
@@ -972,16 +940,15 @@ sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo,
* They are responsible for creating the inner type and encoding,
* if it is other than DATA.
*/
- PORT_Assert (kind == SEC_OID_PKCS7_DATA);
+ PORT_Assert(kind == SEC_OID_PKCS7_DATA);
- enccinfo->contentTypeTag = SECOID_FindOIDByTag (kind);
- PORT_Assert (enccinfo->contentTypeTag
- && enccinfo->contentTypeTag->offset == kind);
+ enccinfo->contentTypeTag = SECOID_FindOIDByTag(kind);
+ PORT_Assert(enccinfo->contentTypeTag && enccinfo->contentTypeTag->offset == kind);
- rv = SECITEM_CopyItem (poolp, &(enccinfo->contentType),
- &(enccinfo->contentTypeTag->oid));
+ rv = SECITEM_CopyItem(poolp, &(enccinfo->contentType),
+ &(enccinfo->contentTypeTag->oid));
if (rv != SECSuccess)
- return rv;
+ return rv;
/* Save keysize and algorithm for later. */
enccinfo->keysize = keysize;
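Review bot: `enccinfo->contentTypeTag` is dereferenced in the `SECITEM_CopyItem()` call with only a `PORT_Assert()` guarding it. Assertions are presumably compiled out of optimized builds, so a NULL result from `SECOID_FindOIDByTag(kind)` would become a NULL dereference there. The callers visible on this page pass `SEC_OID_PKCS7_DATA`, so this is hardening rather than a fault shown to be reachable. A runtime guard after the assertion, `if (enccinfo->contentTypeTag == NULL) return SECFailure;`, would keep release builds safe if other content kinds are allowed later, as the XXX comment anticipates. sec_pkcs7_init_encrypted_content_info begins in the previous hunk and ends in the next one.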
@@ -990,16 +957,15 @@ sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo,
return SECSuccess;
}
-
/*
* Add a recipient to a PKCS7 thing, verifying their cert first.
* Any error returns SECFailure.
*/
static SECStatus
-sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb)
+sec_pkcs7_add_recipient(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertificate *cert,
+ SECCertUsage certusage,
+ CERTCertDBHandle *certdb)
{
SECOidTag kind;
SEC_PKCS7RecipientInfo *recipientinfo, **recipientinfos, ***recipientinfosp;
@@ -1007,26 +973,22 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
void *mark;
int count;
- kind = SEC_PKCS7ContentType (cinfo);
+ kind = SEC_PKCS7ContentType(cinfo);
switch (kind) {
- case SEC_OID_PKCS7_ENVELOPED_DATA:
- {
- SEC_PKCS7EnvelopedData *edp;
-
- edp = cinfo->content.envelopedData;
- recipientinfosp = &(edp->recipientInfos);
- }
- break;
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
- {
- SEC_PKCS7SignedAndEnvelopedData *saedp;
-
- saedp = cinfo->content.signedAndEnvelopedData;
- recipientinfosp = &(saedp->recipientInfos);
- }
- break;
- default:
- return SECFailure; /* XXX set an error? */
+ case SEC_OID_PKCS7_ENVELOPED_DATA: {
+ SEC_PKCS7EnvelopedData *edp;
+
+ edp = cinfo->content.envelopedData;
+ recipientinfosp = &(edp->recipientInfos);
+ } break;
+ case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+ SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+ saedp = cinfo->content.signedAndEnvelopedData;
+ recipientinfosp = &(saedp->recipientInfos);
+ } break;
+ default:
+ return SECFailure; /* XXX set an error? */
}
/*
@@ -1034,45 +996,44 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
* a NULL database.
*/
if (certdb == NULL) {
- certdb = CERT_GetDefaultCertDB();
- if (certdb == NULL)
- return SECFailure; /* XXX set an error? */
+ certdb = CERT_GetDefaultCertDB();
+ if (certdb == NULL)
+ return SECFailure; /* XXX set an error? */
}
- if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, PR_Now(),
- cinfo->pwfn_arg, NULL) != SECSuccess)
- {
- /* XXX Did CERT_VerifyCert set an error? */
- return SECFailure;
+ if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, PR_Now(),
+ cinfo->pwfn_arg, NULL) != SECSuccess) {
+ /* XXX Did CERT_VerifyCert set an error? */
+ return SECFailure;
}
- mark = PORT_ArenaMark (cinfo->poolp);
+ mark = PORT_ArenaMark(cinfo->poolp);
- recipientinfo = (SEC_PKCS7RecipientInfo*)PORT_ArenaZAlloc (cinfo->poolp,
- sizeof(SEC_PKCS7RecipientInfo));
+ recipientinfo = (SEC_PKCS7RecipientInfo *)PORT_ArenaZAlloc(cinfo->poolp,
+ sizeof(SEC_PKCS7RecipientInfo));
if (recipientinfo == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- dummy = SEC_ASN1EncodeInteger (cinfo->poolp, &recipientinfo->version,
- SEC_PKCS7_RECIPIENT_INFO_VERSION);
+ dummy = SEC_ASN1EncodeInteger(cinfo->poolp, &recipientinfo->version,
+ SEC_PKCS7_RECIPIENT_INFO_VERSION);
if (dummy == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- PORT_Assert (dummy == &recipientinfo->version);
+ PORT_Assert(dummy == &recipientinfo->version);
- recipientinfo->cert = CERT_DupCertificate (cert);
+ recipientinfo->cert = CERT_DupCertificate(cert);
if (recipientinfo->cert == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
- recipientinfo->issuerAndSN = CERT_GetCertIssuerAndSN (cinfo->poolp, cert);
+ recipientinfo->issuerAndSN = CERT_GetCertIssuerAndSN(cinfo->poolp, cert);
if (recipientinfo->issuerAndSN == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
/*
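Review bot: The failure return after `CERT_GetCertIssuerAndSN()` rolls the arena back to `mark` but never drops the reference taken by `CERT_DupCertificate(cert)` just above it. Because `recipientinfo` lives in the rolled-back arena memory, the pointer is lost and the certificate reference appears to leak. The `recipientinfos == NULL` return in the following hunk (`@@ -1084,23 +1045,23 @@`) has the same gap. `sec_pkcs7_add_certificate` on this page pairs its duplicate with `CERT_DestroyCertificate(cert)` on the matching failure path, which suggests the same is needed here. Add `CERT_DestroyCertificate(recipientinfo->cert);` before each `PORT_ArenaRelease(cinfo->poolp, mark);` that follows the duplication. sec_pkcs7_add_recipient starts and ends outside this hunk.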
@@ -1084,23 +1045,23 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
*/
recipientinfos = *recipientinfosp;
if (recipientinfos == NULL) {
- count = 0;
- recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaAlloc (
- cinfo->poolp,
- 2 * sizeof(SEC_PKCS7RecipientInfo *));
+ count = 0;
+ recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaAlloc(
+ cinfo->poolp,
+ 2 * sizeof(SEC_PKCS7RecipientInfo *));
} else {
- for (count = 0; recipientinfos[count] != NULL; count++)
- ;
- PORT_Assert (count); /* should be at least one already */
- recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaGrow (
- cinfo->poolp, recipientinfos,
- (count + 1) * sizeof(SEC_PKCS7RecipientInfo *),
- (count + 2) * sizeof(SEC_PKCS7RecipientInfo *));
+ for (count = 0; recipientinfos[count] != NULL; count++)
+ ;
+ PORT_Assert(count); /* should be at least one already */
+ recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaGrow(
+ cinfo->poolp, recipientinfos,
+ (count + 1) * sizeof(SEC_PKCS7RecipientInfo *),
+ (count + 2) * sizeof(SEC_PKCS7RecipientInfo *));
}
if (recipientinfos == NULL) {
- PORT_ArenaRelease (cinfo->poolp, mark);
- return SECFailure;
+ PORT_ArenaRelease(cinfo->poolp, mark);
+ return SECFailure;
}
recipientinfos[count] = recipientinfo;
@@ -1108,11 +1069,10 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
*recipientinfosp = recipientinfos;
- PORT_ArenaUnmark (cinfo->poolp, mark);
+ PORT_ArenaUnmark(cinfo->poolp, mark);
return SECSuccess;
}
-
/*
* Start a PKCS7 enveloping context.
*
@@ -1140,42 +1100,42 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo,
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
extern SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb,
- SECOidTag encalg,
- int keysize,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+SEC_PKCS7CreateEnvelopedData(CERTCertificate *cert,
+ SECCertUsage certusage,
+ CERTCertDBHandle *certdb,
+ SECOidTag encalg,
+ int keysize,
+ SECKEYGetPasswordKey pwfn, void *pwfn_arg)
{
SEC_PKCS7ContentInfo *cinfo;
SEC_PKCS7EnvelopedData *envd;
SECStatus rv;
- cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENVELOPED_DATA,
- PR_FALSE, pwfn, pwfn_arg);
+ cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENVELOPED_DATA,
+ PR_FALSE, pwfn, pwfn_arg);
if (cinfo == NULL)
- return NULL;
+ return NULL;
- rv = sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb);
+ rv = sec_pkcs7_add_recipient(cinfo, cert, certusage, certdb);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
envd = cinfo->content.envelopedData;
- PORT_Assert (envd != NULL);
+ PORT_Assert(envd != NULL);
/*
* XXX Might we want to allow content types other than data?
* If so, via what interface?
*/
- rv = sec_pkcs7_init_encrypted_content_info (&(envd->encContentInfo),
- cinfo->poolp,
- SEC_OID_PKCS7_DATA, PR_FALSE,
- encalg, keysize);
+ rv = sec_pkcs7_init_encrypted_content_info(&(envd->encContentInfo),
+ cinfo->poolp,
+ SEC_OID_PKCS7_DATA, PR_FALSE,
+ encalg, keysize);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
/* XXX Anything more to do here? */
@@ -1183,7 +1143,6 @@ SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
return cinfo;
}
-
/*
* Add another recipient to an encrypted message.
*
@@ -1202,15 +1161,14 @@ SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
* It can be NULL if a default database is available (like in the client).
*/
SECStatus
-SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo,
- CERTCertificate *cert,
- SECCertUsage certusage,
- CERTCertDBHandle *certdb)
+SEC_PKCS7AddRecipient(SEC_PKCS7ContentInfo *cinfo,
+ CERTCertificate *cert,
+ SECCertUsage certusage,
+ CERTCertDBHandle *certdb)
{
- return sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb);
+ return sec_pkcs7_add_recipient(cinfo, cert, certusage, certdb);
}
-
/*
* Create an empty PKCS7 data content info.
*
@@ -1218,13 +1176,12 @@ SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo,
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateData (void)
+SEC_PKCS7CreateData(void)
{
- return sec_pkcs7_create_content_info (SEC_OID_PKCS7_DATA, PR_FALSE,
- NULL, NULL);
+ return sec_pkcs7_create_content_info(SEC_OID_PKCS7_DATA, PR_FALSE,
+ NULL, NULL);
}
-
/*
* Create an empty PKCS7 encrypted content info.
*
@@ -1234,24 +1191,24 @@ SEC_PKCS7CreateData (void)
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
SEC_PKCS7ContentInfo *
-SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize,
- SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+SEC_PKCS7CreateEncryptedData(SECOidTag algorithm, int keysize,
+ SECKEYGetPasswordKey pwfn, void *pwfn_arg)
{
SEC_PKCS7ContentInfo *cinfo;
SECAlgorithmID *algid;
SEC_PKCS7EncryptedData *enc_data;
SECStatus rv;
- cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENCRYPTED_DATA,
- PR_FALSE, pwfn, pwfn_arg);
+ cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENCRYPTED_DATA,
+ PR_FALSE, pwfn, pwfn_arg);
if (cinfo == NULL)
- return NULL;
+ return NULL;
enc_data = cinfo->content.encryptedData;
algid = &(enc_data->encContentInfo.contentEncAlg);
if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) {
- rv = SECOID_SetAlgorithmID (cinfo->poolp, algid, algorithm, NULL);
+ rv = SECOID_SetAlgorithmID(cinfo->poolp, algid, algorithm, NULL);
} else {
/* Assume password-based-encryption.
* Note: we can't generate pkcs5v2 from this interface.
@@ -1260,32 +1217,31 @@ SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize,
* NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
* CMS encrypted data, so we can't tell SEC_PKCS7CreateEncryptedtedData
* to create pkcs5v2 PBEs */
- SECAlgorithmID *pbe_algid;
- pbe_algid = PK11_CreatePBEAlgorithmID(algorithm,
+ SECAlgorithmID *pbe_algid;
+ pbe_algid = PK11_CreatePBEAlgorithmID(algorithm,
NSS_PBE_DEFAULT_ITERATION_COUNT,
NULL);
- if (pbe_algid == NULL) {
- rv = SECFailure;
- } else {
- rv = SECOID_CopyAlgorithmID (cinfo->poolp, algid, pbe_algid);
- SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
- }
+ if (pbe_algid == NULL) {
+ rv = SECFailure;
+ } else {
+ rv = SECOID_CopyAlgorithmID(cinfo->poolp, algid, pbe_algid);
+ SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
+ }
}
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
- rv = sec_pkcs7_init_encrypted_content_info (&(enc_data->encContentInfo),
- cinfo->poolp,
- SEC_OID_PKCS7_DATA, PR_FALSE,
- algorithm, keysize);
+ rv = sec_pkcs7_init_encrypted_content_info(&(enc_data->encContentInfo),
+ cinfo->poolp,
+ SEC_OID_PKCS7_DATA, PR_FALSE,
+ algorithm, keysize);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return NULL;
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
}
return cinfo;
}
-