author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
commit | dc1565216a5d20ae0d75872151523252309a1292 (patch) | |
tree | d57454ba9a40386552179eddf60d28bd1e8f3d54 /nss/lib/smime/cmsencdata.c | |
parent | 26c046fbc57d53136b4fb3b5e0d18298318125d4 (diff) | |
nss-3.28.1nss-3.28.1
Diffstat (limited to 'nss/lib/smime/cmsencdata.c')
-rw-r--r-- | nss/lib/smime/cmsencdata.c | 96 |
1 files changed, 48 insertions, 48 deletions
diff --git a/nss/lib/smime/cmsencdata.c b/nss/lib/smime/cmsencdata.c
index 61ff6a1..c3a4549 100644
--- a/nss/lib/smime/cmsencdata.c
+++ b/nss/lib/smime/cmsencdata.c
@@ -22,13 +22,13 @@
 *
 * "algorithm" specifies the bulk encryption algorithm to use.
 * "keysize" is the key size.
- *
+ *
 * An error results in a return value of NULL and an error set.
 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
 */
 NSSCMSEncryptedData *
-NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm,
- int keysize)
+NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm,
+ int keysize)
 {
 void *mark;
 NSSCMSEncryptedData *encd;
@@ -42,34 +42,35 @@ NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm,
 encd = PORT_ArenaZNew(poolp, NSSCMSEncryptedData);
 if (encd == NULL)
- goto loser;
+ goto loser;
 encd->cmsg = cmsg;
 /* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */
 if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) {
- rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo),
- algorithm, NULL, keysize);
+ rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo),
+ algorithm, NULL, keysize);
 } else {
- /* Assume password-based-encryption.
- * Note: we can't generate pkcs5v2 from this interface.
- * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
- * non-PBE oids and assuming that they are pkcs5v2 oids, but
- * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
- * CMS encrypted data, so we can't tell NSS_CMS_EncryptedData_Create
- * to create pkcs5v2 PBEs */
- pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
- if (pbe_algid == NULL) {
- rv = SECFailure;
- } else {
- rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp,
- &(encd->contentInfo), pbe_algid, keysize);
- SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
- }
+ /* Assume password-based-encryption.
+ * Note: we can't generate pkcs5v2 from this interface.
+ * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
+ * non-PBE oids and assuming that they are pkcs5v2 oids, but
+ * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
+ * CMS encrypted data, so we can't tell NSS_CMS_EncryptedData_Create
+ * to create pkcs5v2 PBEs */
+ pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
+ if (pbe_algid == NULL) {
+ rv = SECFailure;
+ } else {
+ rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp,
+ &(encd->contentInfo),
+ pbe_algid, keysize);
+ SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
+ }
 }
 if (rv != SECSuccess)
- goto loser;
+ goto loser;
 PORT_ArenaUnmark(poolp, mark);
 return encd;
@@ -116,24 +117,24 @@ NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd)
 NSSCMSContentInfo *cinfo = &(encd->contentInfo);
 if (NSS_CMSArray_IsEmpty((void **)encd->unprotectedAttr))
- version = NSS_CMS_ENCRYPTED_DATA_VERSION;
+ version = NSS_CMS_ENCRYPTED_DATA_VERSION;
 else
- version = NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
-
- dummy = SEC_ASN1EncodeInteger (encd->cmsg->poolp, &(encd->version), version);
+ version = NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
+
+ dummy = SEC_ASN1EncodeInteger(encd->cmsg->poolp, &(encd->version), version);
 if (dummy == NULL)
- return SECFailure;
+ return SECFailure;
 /* now get content encryption key (bulk key) by using our cmsg callback */
 if (encd->cmsg->decrypt_key_cb)
- bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg,
- NSS_CMSContentInfo_GetContentEncAlg(cinfo));
+ bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg,
+ NSS_CMSContentInfo_GetContentEncAlg(cinfo));
 if (bulkkey == NULL)
- return SECFailure;
+ return SECFailure;
 /* store the bulk key in the contentInfo so that the encoder can find it */
 NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
- PK11_FreeSymKey (bulkkey);
+ PK11_FreeSymKey(bulkkey);
 return SECSuccess;
 }
@@ -154,22 +155,23 @@ NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
 /* find bulkkey and algorithm - must have been set by NSS_CMSEncryptedData_Encode_BeforeStart */
 bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
 if (bulkkey == NULL)
- return SECFailure;
+ return SECFailure;
 algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
 if (algid == NULL)
- return SECFailure;
+ return SECFailure;
 rv = NSS_CMSContentInfo_Private_Init(cinfo);
 if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
 }
 /* this may modify algid (with IVs generated in a token).
 * it is therefore essential that algid is a pointer to the "real" contentEncAlg,
 * not just to a copy */
- cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
+ cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp,
+ bulkkey, algid);
 PK11_FreeSymKey(bulkkey);
 if (cinfo->privateInfo->ciphcx == NULL)
- return SECFailure;
+ return SECFailure;
 return SECSuccess;
 }
@@ -181,15 +183,14 @@ SECStatus
 NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
 {
 if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
- NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
- encd->contentInfo.privateInfo->ciphcx = NULL;
+ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
+ encd->contentInfo.privateInfo->ciphcx = NULL;
 }
 /* nothing to do after data */
 return SECSuccess;
 }
-
 /*
 * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
 */
@@ -205,26 +206,25 @@ NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd)
 bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
- if (encd->cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
- goto loser;
+ if (encd->cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
+ goto loser;
 bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, bulkalg);
 if (bulkkey == NULL)
- /* no success finding a bulk key */
- goto loser;
+ /* no success finding a bulk key */
+ goto loser;
 NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
 rv = NSS_CMSContentInfo_Private_Init(cinfo);
 if (rv != SECSuccess) {
- goto loser;
+ goto loser;
 }
 rv = SECFailure;
 cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
 if (cinfo->privateInfo->ciphcx == NULL)
- goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
-
+ goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
 /* we are done with (this) bulkkey now. */
 PK11_FreeSymKey(bulkkey);
@@ -242,8 +242,8 @@ SECStatus
 NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
 {
 if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
- NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
- encd->contentInfo.privateInfo->ciphcx = NULL;
+ NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
+ encd->contentInfo.privateInfo->ciphcx = NULL;
 }
 return SECSuccess; |