From dc1565216a5d20ae0d75872151523252309a1292 Mon Sep 17 00:00:00 2001 From: Lorry Tar Creator Date: Wed, 4 Jan 2017 14:24:24 +0000 Subject: nss-3.28.1 --- nss/lib/pkcs7/p7create.c | 1048 ++++++++++++++++++++++------------------------ 1 file changed, 502 insertions(+), 546 deletions(-) (limited to 'nss/lib/pkcs7/p7create.c') diff --git a/nss/lib/pkcs7/p7create.c b/nss/lib/pkcs7/p7create.c index 983b7b5..fcf0cad 100644 --- a/nss/lib/pkcs7/p7create.c +++ b/nss/lib/pkcs7/p7create.c @@ -21,106 +21,104 @@ const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */ static SECStatus -sec_pkcs7_init_content_info (SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp, - SECOidTag kind, PRBool detached) +sec_pkcs7_init_content_info(SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp, + SECOidTag kind, PRBool detached) { void *thing; int version; SECItem *versionp; SECStatus rv; - PORT_Assert (cinfo != NULL && poolp != NULL); + PORT_Assert(cinfo != NULL && poolp != NULL); if (cinfo == NULL || poolp == NULL) - return SECFailure; + return SECFailure; - cinfo->contentTypeTag = SECOID_FindOIDByTag (kind); - PORT_Assert (cinfo->contentTypeTag - && cinfo->contentTypeTag->offset == kind); + cinfo->contentTypeTag = SECOID_FindOIDByTag(kind); + PORT_Assert(cinfo->contentTypeTag && cinfo->contentTypeTag->offset == kind); - rv = SECITEM_CopyItem (poolp, &(cinfo->contentType), - &(cinfo->contentTypeTag->oid)); + rv = SECITEM_CopyItem(poolp, &(cinfo->contentType), + &(cinfo->contentTypeTag->oid)); if (rv != SECSuccess) - return rv; + return rv; if (detached) - return SECSuccess; + return SECSuccess; switch (kind) { - default: - case SEC_OID_PKCS7_DATA: - thing = PORT_ArenaZAlloc (poolp, sizeof(SECItem)); - cinfo->content.data = (SECItem*)thing; - versionp = NULL; - version = -1; - break; - case SEC_OID_PKCS7_DIGESTED_DATA: - thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7DigestedData)); - cinfo->content.digestedData = (SEC_PKCS7DigestedData*)thing; - versionp = &(cinfo->content.digestedData->version); - version = SEC_PKCS7_DIGESTED_DATA_VERSION; - break; - case SEC_OID_PKCS7_ENCRYPTED_DATA: - thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7EncryptedData)); - cinfo->content.encryptedData = (SEC_PKCS7EncryptedData*)thing; - versionp = &(cinfo->content.encryptedData->version); - version = SEC_PKCS7_ENCRYPTED_DATA_VERSION; - break; - case SEC_OID_PKCS7_ENVELOPED_DATA: - thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7EnvelopedData)); - cinfo->content.envelopedData = - (SEC_PKCS7EnvelopedData*)thing; - versionp = &(cinfo->content.envelopedData->version); - version = SEC_PKCS7_ENVELOPED_DATA_VERSION; - break; - case SEC_OID_PKCS7_SIGNED_DATA: - thing = PORT_ArenaZAlloc (poolp, sizeof(SEC_PKCS7SignedData)); - cinfo->content.signedData = - (SEC_PKCS7SignedData*)thing; - versionp = &(cinfo->content.signedData->version); - version = SEC_PKCS7_SIGNED_DATA_VERSION; - break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: - thing = PORT_ArenaZAlloc(poolp,sizeof(SEC_PKCS7SignedAndEnvelopedData)); - cinfo->content.signedAndEnvelopedData = - (SEC_PKCS7SignedAndEnvelopedData*)thing; - versionp = &(cinfo->content.signedAndEnvelopedData->version); - version = SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION; - break; + default: + case SEC_OID_PKCS7_DATA: + thing = PORT_ArenaZAlloc(poolp, sizeof(SECItem)); + cinfo->content.data = (SECItem *)thing; + versionp = NULL; + version = -1; + break; + case SEC_OID_PKCS7_DIGESTED_DATA: + thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7DigestedData)); + cinfo->content.digestedData = (SEC_PKCS7DigestedData *)thing; + versionp = &(cinfo->content.digestedData->version); + version = SEC_PKCS7_DIGESTED_DATA_VERSION; + break; + case SEC_OID_PKCS7_ENCRYPTED_DATA: + thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7EncryptedData)); + cinfo->content.encryptedData = (SEC_PKCS7EncryptedData *)thing; + versionp = &(cinfo->content.encryptedData->version); + version = SEC_PKCS7_ENCRYPTED_DATA_VERSION; + break; + case SEC_OID_PKCS7_ENVELOPED_DATA: + thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7EnvelopedData)); + cinfo->content.envelopedData = + (SEC_PKCS7EnvelopedData *)thing; + versionp = &(cinfo->content.envelopedData->version); + version = SEC_PKCS7_ENVELOPED_DATA_VERSION; + break; + case SEC_OID_PKCS7_SIGNED_DATA: + thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7SignedData)); + cinfo->content.signedData = + (SEC_PKCS7SignedData *)thing; + versionp = &(cinfo->content.signedData->version); + version = SEC_PKCS7_SIGNED_DATA_VERSION; + break; + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: + thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7SignedAndEnvelopedData)); + cinfo->content.signedAndEnvelopedData = + (SEC_PKCS7SignedAndEnvelopedData *)thing; + versionp = &(cinfo->content.signedAndEnvelopedData->version); + version = SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION; + break; } if (thing == NULL) - return SECFailure; + return SECFailure; if (versionp != NULL) { - SECItem *dummy; + SECItem *dummy; - PORT_Assert (version >= 0); - dummy = SEC_ASN1EncodeInteger (poolp, versionp, version); - if (dummy == NULL) - return SECFailure; - PORT_Assert (dummy == versionp); + PORT_Assert(version >= 0); + dummy = SEC_ASN1EncodeInteger(poolp, versionp, version); + if (dummy == NULL) + return SECFailure; + PORT_Assert(dummy == versionp); } return SECSuccess; } - static SEC_PKCS7ContentInfo * -sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached, - SECKEYGetPasswordKey pwfn, void *pwfn_arg) +sec_pkcs7_create_content_info(SECOidTag kind, PRBool detached, + SECKEYGetPasswordKey pwfn, void *pwfn_arg) { SEC_PKCS7ContentInfo *cinfo; PLArenaPool *poolp; SECStatus rv; - poolp = PORT_NewArena (1024); /* XXX what is right value? */ + poolp = PORT_NewArena(1024); /* XXX what is right value? */ if (poolp == NULL) - return NULL; + return NULL; - cinfo = (SEC_PKCS7ContentInfo*)PORT_ArenaZAlloc (poolp, sizeof(*cinfo)); + cinfo = (SEC_PKCS7ContentInfo *)PORT_ArenaZAlloc(poolp, sizeof(*cinfo)); if (cinfo == NULL) { - PORT_FreeArena (poolp, PR_FALSE); - return NULL; + PORT_FreeArena(poolp, PR_FALSE); + return NULL; } cinfo->poolp = poolp; @@ -129,16 +127,15 @@ sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached, cinfo->created = PR_TRUE; cinfo->refCount = 1; - rv = sec_pkcs7_init_content_info (cinfo, poolp, kind, detached); + rv = sec_pkcs7_init_content_info(cinfo, poolp, kind, detached); if (rv != SECSuccess) { - PORT_FreeArena (poolp, PR_FALSE); - return NULL; + PORT_FreeArena(poolp, PR_FALSE); + return NULL; } return cinfo; } - /* * Add a signer to a PKCS7 thing, verifying the signature cert first. * Any error returns SECFailure. @@ -147,45 +144,41 @@ sec_pkcs7_create_content_info (SECOidTag kind, PRBool detached, * to add a second one -- this needs to be fixed. */ static SECStatus -sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo, - CERTCertificate * cert, - SECCertUsage certusage, - CERTCertDBHandle * certdb, - SECOidTag digestalgtag, - SECItem * digestdata) +sec_pkcs7_add_signer(SEC_PKCS7ContentInfo *cinfo, + CERTCertificate *cert, + SECCertUsage certusage, + CERTCertDBHandle *certdb, + SECOidTag digestalgtag, + SECItem *digestdata) { SEC_PKCS7SignerInfo *signerinfo, **signerinfos, ***signerinfosp; - SECAlgorithmID *digestalg, **digestalgs, ***digestalgsp; - SECItem *digest, **digests, ***digestsp; - SECItem * dummy; - void * mark; - SECStatus rv; - SECOidTag kind; - - kind = SEC_PKCS7ContentType (cinfo); + SECAlgorithmID *digestalg, **digestalgs, ***digestalgsp; + SECItem *digest, **digests, ***digestsp; + SECItem *dummy; + void *mark; + SECStatus rv; + SECOidTag kind; + + kind = SEC_PKCS7ContentType(cinfo); switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: - { - SEC_PKCS7SignedData *sdp; - - sdp = cinfo->content.signedData; - digestalgsp = &(sdp->digestAlgorithms); - digestsp = &(sdp->digests); - signerinfosp = &(sdp->signerInfos); - } - break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: - { - SEC_PKCS7SignedAndEnvelopedData *saedp; - - saedp = cinfo->content.signedAndEnvelopedData; - digestalgsp = &(saedp->digestAlgorithms); - digestsp = &(saedp->digests); - signerinfosp = &(saedp->signerInfos); - } - break; - default: - return SECFailure; /* XXX set an error? */ + case SEC_OID_PKCS7_SIGNED_DATA: { + SEC_PKCS7SignedData *sdp; + + sdp = cinfo->content.signedData; + digestalgsp = &(sdp->digestAlgorithms); + digestsp = &(sdp->digests); + signerinfosp = &(sdp->signerInfos); + } break; + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: { + SEC_PKCS7SignedAndEnvelopedData *saedp; + + saedp = cinfo->content.signedAndEnvelopedData; + digestalgsp = &(saedp->digestAlgorithms); + digestsp = &(saedp->digests); + signerinfosp = &(saedp->signerInfos); + } break; + default: + return SECFailure; /* XXX set an error? */ } /* @@ -193,16 +186,15 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo, * a NULL database. */ if (certdb == NULL) { - certdb = CERT_GetDefaultCertDB(); - if (certdb == NULL) - return SECFailure; /* XXX set an error? */ + certdb = CERT_GetDefaultCertDB(); + if (certdb == NULL) + return SECFailure; /* XXX set an error? */ } - if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, PR_Now(), - cinfo->pwfn_arg, NULL) != SECSuccess) - { - /* XXX Did CERT_VerifyCert set an error? */ - return SECFailure; + if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, PR_Now(), + cinfo->pwfn_arg, NULL) != SECSuccess) { + /* XXX Did CERT_VerifyCert set an error? */ + return SECFailure; } /* @@ -210,45 +202,44 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo, * This is not what we really want -- we want to allow this * and *add* the new signer. */ - PORT_Assert (*signerinfosp == NULL - && *digestalgsp == NULL && *digestsp == NULL); + PORT_Assert(*signerinfosp == NULL && *digestalgsp == NULL && *digestsp == NULL); if (*signerinfosp != NULL || *digestalgsp != NULL || *digestsp != NULL) - return SECFailure; + return SECFailure; - mark = PORT_ArenaMark (cinfo->poolp); + mark = PORT_ArenaMark(cinfo->poolp); - signerinfo = (SEC_PKCS7SignerInfo*)PORT_ArenaZAlloc (cinfo->poolp, - sizeof(SEC_PKCS7SignerInfo)); + signerinfo = (SEC_PKCS7SignerInfo *)PORT_ArenaZAlloc(cinfo->poolp, + sizeof(SEC_PKCS7SignerInfo)); if (signerinfo == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - dummy = SEC_ASN1EncodeInteger (cinfo->poolp, &signerinfo->version, - SEC_PKCS7_SIGNER_INFO_VERSION); + dummy = SEC_ASN1EncodeInteger(cinfo->poolp, &signerinfo->version, + SEC_PKCS7_SIGNER_INFO_VERSION); if (dummy == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - PORT_Assert (dummy == &signerinfo->version); + PORT_Assert(dummy == &signerinfo->version); - signerinfo->cert = CERT_DupCertificate (cert); + signerinfo->cert = CERT_DupCertificate(cert); if (signerinfo->cert == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - signerinfo->issuerAndSN = CERT_GetCertIssuerAndSN (cinfo->poolp, cert); + signerinfo->issuerAndSN = CERT_GetCertIssuerAndSN(cinfo->poolp, cert); if (signerinfo->issuerAndSN == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - rv = SECOID_SetAlgorithmID (cinfo->poolp, &signerinfo->digestAlg, - digestalgtag, NULL); + rv = SECOID_SetAlgorithmID(cinfo->poolp, &signerinfo->digestAlg, + digestalgtag, NULL); if (rv != SECSuccess) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } /* @@ -265,46 +256,46 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo, * should be *added* to the set already found. */ - signerinfos = (SEC_PKCS7SignerInfo**)PORT_ArenaAlloc (cinfo->poolp, - 2 * sizeof(SEC_PKCS7SignerInfo *)); + signerinfos = (SEC_PKCS7SignerInfo **)PORT_ArenaAlloc(cinfo->poolp, + 2 * sizeof(SEC_PKCS7SignerInfo *)); if (signerinfos == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } signerinfos[0] = signerinfo; signerinfos[1] = NULL; - digestalg = PORT_ArenaZAlloc (cinfo->poolp, sizeof(SECAlgorithmID)); - digestalgs = PORT_ArenaAlloc (cinfo->poolp, 2 * sizeof(SECAlgorithmID *)); + digestalg = PORT_ArenaZAlloc(cinfo->poolp, sizeof(SECAlgorithmID)); + digestalgs = PORT_ArenaAlloc(cinfo->poolp, 2 * sizeof(SECAlgorithmID *)); if (digestalg == NULL || digestalgs == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - rv = SECOID_SetAlgorithmID (cinfo->poolp, digestalg, digestalgtag, NULL); + rv = SECOID_SetAlgorithmID(cinfo->poolp, digestalg, digestalgtag, NULL); if (rv != SECSuccess) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } digestalgs[0] = digestalg; digestalgs[1] = NULL; if (digestdata != NULL) { - digest = (SECItem*)PORT_ArenaAlloc (cinfo->poolp, sizeof(SECItem)); - digests = (SECItem**)PORT_ArenaAlloc (cinfo->poolp, - 2 * sizeof(SECItem *)); - if (digest == NULL || digests == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; - } - rv = SECITEM_CopyItem (cinfo->poolp, digest, digestdata); - if (rv != SECSuccess) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; - } - digests[0] = digest; - digests[1] = NULL; + digest = (SECItem *)PORT_ArenaAlloc(cinfo->poolp, sizeof(SECItem)); + digests = (SECItem **)PORT_ArenaAlloc(cinfo->poolp, + 2 * sizeof(SECItem *)); + if (digest == NULL || digests == NULL) { + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; + } + rv = SECITEM_CopyItem(cinfo->poolp, digest, digestdata); + if (rv != SECSuccess) { + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; + } + digests[0] = digest; + digests[1] = NULL; } else { - digests = NULL; + digests = NULL; } *signerinfosp = signerinfos; @@ -315,40 +306,38 @@ sec_pkcs7_add_signer (SEC_PKCS7ContentInfo *cinfo, return SECSuccess; } - /* * Helper function for creating an empty signedData. */ static SEC_PKCS7ContentInfo * -sec_pkcs7_create_signed_data (SECKEYGetPasswordKey pwfn, void *pwfn_arg) +sec_pkcs7_create_signed_data(SECKEYGetPasswordKey pwfn, void *pwfn_arg) { SEC_PKCS7ContentInfo *cinfo; SEC_PKCS7SignedData *sigd; SECStatus rv; - cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_SIGNED_DATA, PR_FALSE, - pwfn, pwfn_arg); + cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_SIGNED_DATA, PR_FALSE, + pwfn, pwfn_arg); if (cinfo == NULL) - return NULL; + return NULL; sigd = cinfo->content.signedData; - PORT_Assert (sigd != NULL); + PORT_Assert(sigd != NULL); /* * XXX Might we want to allow content types other than data? * If so, via what interface? */ - rv = sec_pkcs7_init_content_info (&(sigd->contentInfo), cinfo->poolp, - SEC_OID_PKCS7_DATA, PR_TRUE); + rv = sec_pkcs7_init_content_info(&(sigd->contentInfo), cinfo->poolp, + SEC_OID_PKCS7_DATA, PR_TRUE); if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } return cinfo; } - /* * Start a PKCS7 signing context. * @@ -378,70 +367,69 @@ sec_pkcs7_create_signed_data (SECKEYGetPasswordKey pwfn, void *pwfn_arg) * (Retrieve specific errors via PORT_GetError()/XP_GetError().) */ SEC_PKCS7ContentInfo * -SEC_PKCS7CreateSignedData (CERTCertificate *cert, - SECCertUsage certusage, - CERTCertDBHandle *certdb, - SECOidTag digestalg, - SECItem *digest, - SECKEYGetPasswordKey pwfn, void *pwfn_arg) +SEC_PKCS7CreateSignedData(CERTCertificate *cert, + SECCertUsage certusage, + CERTCertDBHandle *certdb, + SECOidTag digestalg, + SECItem *digest, + SECKEYGetPasswordKey pwfn, void *pwfn_arg) { SEC_PKCS7ContentInfo *cinfo; SECStatus rv; - cinfo = sec_pkcs7_create_signed_data (pwfn, pwfn_arg); + cinfo = sec_pkcs7_create_signed_data(pwfn, pwfn_arg); if (cinfo == NULL) - return NULL; + return NULL; - rv = sec_pkcs7_add_signer (cinfo, cert, certusage, certdb, - digestalg, digest); + rv = sec_pkcs7_add_signer(cinfo, cert, certusage, certdb, + digestalg, digest); if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } return cinfo; } - static SEC_PKCS7Attribute * -sec_pkcs7_create_attribute (PLArenaPool *poolp, SECOidTag oidtag, - SECItem *value, PRBool encoded) +sec_pkcs7_create_attribute(PLArenaPool *poolp, SECOidTag oidtag, + SECItem *value, PRBool encoded) { SEC_PKCS7Attribute *attr; SECItem **values; void *mark; - PORT_Assert (poolp != NULL); - mark = PORT_ArenaMark (poolp); + PORT_Assert(poolp != NULL); + mark = PORT_ArenaMark(poolp); - attr = (SEC_PKCS7Attribute*)PORT_ArenaAlloc (poolp, - sizeof(SEC_PKCS7Attribute)); + attr = (SEC_PKCS7Attribute *)PORT_ArenaAlloc(poolp, + sizeof(SEC_PKCS7Attribute)); if (attr == NULL) - goto loser; + goto loser; - attr->typeTag = SECOID_FindOIDByTag (oidtag); + attr->typeTag = SECOID_FindOIDByTag(oidtag); if (attr->typeTag == NULL) - goto loser; + goto loser; - if (SECITEM_CopyItem (poolp, &(attr->type), - &(attr->typeTag->oid)) != SECSuccess) - goto loser; + if (SECITEM_CopyItem(poolp, &(attr->type), + &(attr->typeTag->oid)) != SECSuccess) + goto loser; - values = (SECItem**)PORT_ArenaAlloc (poolp, 2 * sizeof(SECItem *)); + values = (SECItem **)PORT_ArenaAlloc(poolp, 2 * sizeof(SECItem *)); if (values == NULL) - goto loser; + goto loser; if (value != NULL) { - SECItem *copy; + SECItem *copy; - copy = (SECItem*)PORT_ArenaAlloc (poolp, sizeof(SECItem)); - if (copy == NULL) - goto loser; + copy = (SECItem *)PORT_ArenaAlloc(poolp, sizeof(SECItem)); + if (copy == NULL) + goto loser; - if (SECITEM_CopyItem (poolp, copy, value) != SECSuccess) - goto loser; + if (SECITEM_CopyItem(poolp, copy, value) != SECSuccess) + goto loser; - value = copy; + value = copy; } values[0] = value; @@ -449,62 +437,61 @@ sec_pkcs7_create_attribute (PLArenaPool *poolp, SECOidTag oidtag, attr->values = values; attr->encoded = encoded; - PORT_ArenaUnmark (poolp, mark); + PORT_ArenaUnmark(poolp, mark); return attr; loser: - PORT_Assert (mark != NULL); - PORT_ArenaRelease (poolp, mark); + PORT_Assert(mark != NULL); + PORT_ArenaRelease(poolp, mark); return NULL; } - static SECStatus -sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo, - SEC_PKCS7Attribute ***attrsp, - SEC_PKCS7Attribute *attr) +sec_pkcs7_add_attribute(SEC_PKCS7ContentInfo *cinfo, + SEC_PKCS7Attribute ***attrsp, + SEC_PKCS7Attribute *attr) { SEC_PKCS7Attribute **attrs; SECItem *ct_value; void *mark; - PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA); - if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA) - return SECFailure; + PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA); + if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA) + return SECFailure; attrs = *attrsp; if (attrs != NULL) { - int count; + int count; - /* + /* * We already have some attributes, and just need to add this * new one. */ - /* + /* * We should already have the *required* attributes, which were * created/added at the same time the first attribute was added. */ - PORT_Assert (sec_PKCS7FindAttribute (attrs, - SEC_OID_PKCS9_CONTENT_TYPE, - PR_FALSE) != NULL); - PORT_Assert (sec_PKCS7FindAttribute (attrs, - SEC_OID_PKCS9_MESSAGE_DIGEST, - PR_FALSE) != NULL); - - for (count = 0; attrs[count] != NULL; count++) - ; - attrs = (SEC_PKCS7Attribute**)PORT_ArenaGrow (cinfo->poolp, attrs, - (count + 1) * sizeof(SEC_PKCS7Attribute *), - (count + 2) * sizeof(SEC_PKCS7Attribute *)); - if (attrs == NULL) - return SECFailure; - - attrs[count] = attr; - attrs[count+1] = NULL; - *attrsp = attrs; - - return SECSuccess; + PORT_Assert(sec_PKCS7FindAttribute(attrs, + SEC_OID_PKCS9_CONTENT_TYPE, + PR_FALSE) != NULL); + PORT_Assert(sec_PKCS7FindAttribute(attrs, + SEC_OID_PKCS9_MESSAGE_DIGEST, + PR_FALSE) != NULL); + + for (count = 0; attrs[count] != NULL; count++) + ; + attrs = (SEC_PKCS7Attribute **)PORT_ArenaGrow(cinfo->poolp, attrs, + (count + 1) * sizeof(SEC_PKCS7Attribute *), + (count + 2) * sizeof(SEC_PKCS7Attribute *)); + if (attrs == NULL) + return SECFailure; + + attrs[count] = attr; + attrs[count + 1] = NULL; + *attrsp = attrs; + + return SECSuccess; } /* @@ -517,43 +504,42 @@ sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo, * There are 2 required attributes, plus the one our caller wants * to add, plus we always end with a NULL one. Thus, four slots. */ - attrs = (SEC_PKCS7Attribute**)PORT_ArenaAlloc (cinfo->poolp, - 4 * sizeof(SEC_PKCS7Attribute *)); + attrs = (SEC_PKCS7Attribute **)PORT_ArenaAlloc(cinfo->poolp, + 4 * sizeof(SEC_PKCS7Attribute *)); if (attrs == NULL) - return SECFailure; + return SECFailure; - mark = PORT_ArenaMark (cinfo->poolp); + mark = PORT_ArenaMark(cinfo->poolp); /* * First required attribute is the content type of the data * being signed. */ ct_value = &(cinfo->content.signedData->contentInfo.contentType); - attrs[0] = sec_pkcs7_create_attribute (cinfo->poolp, - SEC_OID_PKCS9_CONTENT_TYPE, - ct_value, PR_FALSE); + attrs[0] = sec_pkcs7_create_attribute(cinfo->poolp, + SEC_OID_PKCS9_CONTENT_TYPE, + ct_value, PR_FALSE); /* * Second required attribute is the message digest of the data * being signed; we leave the value NULL for now (just create * the place for it to go), and the encoder will fill it in later. */ - attrs[1] = sec_pkcs7_create_attribute (cinfo->poolp, - SEC_OID_PKCS9_MESSAGE_DIGEST, - NULL, PR_FALSE); + attrs[1] = sec_pkcs7_create_attribute(cinfo->poolp, + SEC_OID_PKCS9_MESSAGE_DIGEST, + NULL, PR_FALSE); if (attrs[0] == NULL || attrs[1] == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } attrs[2] = attr; attrs[3] = NULL; *attrsp = attrs; - PORT_ArenaUnmark (cinfo->poolp, mark); + PORT_ArenaUnmark(cinfo->poolp, mark); return SECSuccess; } - /* * Add the signing time to the authenticated (i.e. signed) attributes * of "cinfo". This is expected to be included in outgoing signed @@ -571,7 +557,7 @@ sec_pkcs7_add_attribute (SEC_PKCS7ContentInfo *cinfo, * if it is not. */ SECStatus -SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo) +SEC_PKCS7AddSigningTime(SEC_PKCS7ContentInfo *cinfo) { SEC_PKCS7SignerInfo **signerinfos; SEC_PKCS7Attribute *attr; @@ -579,48 +565,47 @@ SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo) SECStatus rv; int si; - PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA); - if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA) - return SECFailure; + PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA); + if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA) + return SECFailure; signerinfos = cinfo->content.signedData->signerInfos; /* There has to be a signer, or it makes no sense. */ if (signerinfos == NULL || signerinfos[0] == NULL) - return SECFailure; + return SECFailure; rv = DER_EncodeTimeChoice(NULL, &stime, PR_Now()); if (rv != SECSuccess) - return rv; + return rv; - attr = sec_pkcs7_create_attribute (cinfo->poolp, - SEC_OID_PKCS9_SIGNING_TIME, - &stime, PR_FALSE); - SECITEM_FreeItem (&stime, PR_FALSE); + attr = sec_pkcs7_create_attribute(cinfo->poolp, + SEC_OID_PKCS9_SIGNING_TIME, + &stime, PR_FALSE); + SECITEM_FreeItem(&stime, PR_FALSE); if (attr == NULL) - return SECFailure; + return SECFailure; rv = SECSuccess; for (si = 0; signerinfos[si] != NULL; si++) { - SEC_PKCS7Attribute *oattr; - - oattr = sec_PKCS7FindAttribute (signerinfos[si]->authAttr, - SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE); - PORT_Assert (oattr == NULL); - if (oattr != NULL) - continue; /* XXX or would it be better to replace it? */ - - rv = sec_pkcs7_add_attribute (cinfo, &(signerinfos[si]->authAttr), - attr); - if (rv != SECSuccess) - break; /* could try to continue, but may as well give up now */ + SEC_PKCS7Attribute *oattr; + + oattr = sec_PKCS7FindAttribute(signerinfos[si]->authAttr, + SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE); + PORT_Assert(oattr == NULL); + if (oattr != NULL) + continue; /* XXX or would it be better to replace it? */ + + rv = sec_pkcs7_add_attribute(cinfo, &(signerinfos[si]->authAttr), + attr); + if (rv != SECSuccess) + break; /* could try to continue, but may as well give up now */ } return rv; } - /* * Add the specified attribute to the authenticated (i.e. signed) attributes * of "cinfo" -- "oidtag" describes the attribute and "value" is the @@ -640,16 +625,16 @@ SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo) * if it is not. */ SECStatus -SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo, - SECOidTag oidtag, - SECItem *value) +SEC_PKCS7AddSignedAttribute(SEC_PKCS7ContentInfo *cinfo, + SECOidTag oidtag, + SECItem *value) { SEC_PKCS7SignerInfo **signerinfos; SEC_PKCS7Attribute *attr; - PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA); - if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA) - return SECFailure; + PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA); + if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA) + return SECFailure; signerinfos = cinfo->content.signedData->signerInfos; @@ -657,15 +642,14 @@ SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo, * No signature or more than one means no deal. */ if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL) - return SECFailure; + return SECFailure; - attr = sec_pkcs7_create_attribute (cinfo->poolp, oidtag, value, PR_TRUE); + attr = sec_pkcs7_create_attribute(cinfo->poolp, oidtag, value, PR_TRUE); if (attr == NULL) - return SECFailure; + return SECFailure; - return sec_pkcs7_add_attribute (cinfo, &(signerinfos[0]->authAttr), attr); + return sec_pkcs7_add_attribute(cinfo, &(signerinfos[0]->authAttr), attr); } - /* * Mark that the signer certificates and their issuing chain should @@ -679,115 +663,110 @@ SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo, * SECFailure will be returned if it is not. */ SECStatus -SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo, - CERTCertDBHandle *certdb) +SEC_PKCS7IncludeCertChain(SEC_PKCS7ContentInfo *cinfo, + CERTCertDBHandle *certdb) { SECOidTag kind; SEC_PKCS7SignerInfo *signerinfo, **signerinfos; - kind = SEC_PKCS7ContentType (cinfo); + kind = SEC_PKCS7ContentType(cinfo); switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: - signerinfos = cinfo->content.signedData->signerInfos; - break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: - signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos; - break; - default: - return SECFailure; /* XXX set an error? */ + case SEC_OID_PKCS7_SIGNED_DATA: + signerinfos = cinfo->content.signedData->signerInfos; + break; + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: + signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos; + break; + default: + return SECFailure; /* XXX set an error? */ } - if (signerinfos == NULL) /* no signer, no certs? */ - return SECFailure; /* XXX set an error? */ + if (signerinfos == NULL) /* no signer, no certs? */ + return SECFailure; /* XXX set an error? */ if (certdb == NULL) { - certdb = CERT_GetDefaultCertDB(); - if (certdb == NULL) { - PORT_SetError (SEC_ERROR_BAD_DATABASE); - return SECFailure; - } + certdb = CERT_GetDefaultCertDB(); + if (certdb == NULL) { + PORT_SetError(SEC_ERROR_BAD_DATABASE); + return SECFailure; + } } /* XXX Should it be an error if we find no signerinfo or no certs? */ while ((signerinfo = *signerinfos++) != NULL) { - if (signerinfo->cert != NULL) - /* get the cert chain. don't send the root to avoid contamination + if (signerinfo->cert != NULL) + /* get the cert chain. don't send the root to avoid contamination * of old clients with a new root that they don't trust */ - signerinfo->certList = CERT_CertChainFromCert (signerinfo->cert, - certUsageEmailSigner, - PR_FALSE); + signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, + certUsageEmailSigner, + PR_FALSE); } return SECSuccess; } - /* * Helper function to add a certificate chain for inclusion in the * bag of certificates in a signedData. */ static SECStatus -sec_pkcs7_add_cert_chain (SEC_PKCS7ContentInfo *cinfo, - CERTCertificate *cert, - CERTCertDBHandle *certdb) +sec_pkcs7_add_cert_chain(SEC_PKCS7ContentInfo *cinfo, + CERTCertificate *cert, + CERTCertDBHandle *certdb) { SECOidTag kind; CERTCertificateList *certlist, **certlists, ***certlistsp; int count; - kind = SEC_PKCS7ContentType (cinfo); + kind = SEC_PKCS7ContentType(cinfo); switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: - { - SEC_PKCS7SignedData *sdp; - - sdp = cinfo->content.signedData; - certlistsp = &(sdp->certLists); - } - break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: - { - SEC_PKCS7SignedAndEnvelopedData *saedp; - - saedp = cinfo->content.signedAndEnvelopedData; - certlistsp = &(saedp->certLists); - } - break; - default: - return SECFailure; /* XXX set an error? */ + case SEC_OID_PKCS7_SIGNED_DATA: { + SEC_PKCS7SignedData *sdp; + + sdp = cinfo->content.signedData; + certlistsp = &(sdp->certLists); + } break; + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: { + SEC_PKCS7SignedAndEnvelopedData *saedp; + + saedp = cinfo->content.signedAndEnvelopedData; + certlistsp = &(saedp->certLists); + } break; + default: + return SECFailure; /* XXX set an error? */ } if (certdb == NULL) { - certdb = CERT_GetDefaultCertDB(); - if (certdb == NULL) { - PORT_SetError (SEC_ERROR_BAD_DATABASE); - return SECFailure; - } + certdb = CERT_GetDefaultCertDB(); + if (certdb == NULL) { + PORT_SetError(SEC_ERROR_BAD_DATABASE); + return SECFailure; + } } - certlist = CERT_CertChainFromCert (cert, certUsageEmailSigner, PR_FALSE); + certlist = CERT_CertChainFromCert(cert, certUsageEmailSigner, PR_FALSE); if (certlist == NULL) - return SECFailure; + return SECFailure; certlists = *certlistsp; if (certlists == NULL) { - count = 0; - certlists = (CERTCertificateList**)PORT_ArenaAlloc (cinfo->poolp, - 2 * sizeof(CERTCertificateList *)); + count = 0; + certlists = (CERTCertificateList **)PORT_ArenaAlloc(cinfo->poolp, + 2 * sizeof(CERTCertificateList *)); } else { - for (count = 0; certlists[count] != NULL; count++) - ; - PORT_Assert (count); /* should be at least one already */ - certlists = (CERTCertificateList**)PORT_ArenaGrow (cinfo->poolp, - certlists, - (count + 1) * sizeof(CERTCertificateList *), - (count + 2) * sizeof(CERTCertificateList *)); + for (count = 0; certlists[count] != NULL; count++) + ; + PORT_Assert(count); /* should be at least one already */ + certlists = (CERTCertificateList **)PORT_ArenaGrow(cinfo->poolp, + certlists, + (count + 1) * sizeof(CERTCertificateList *), + (count + 2) * sizeof(CERTCertificateList *)); } if (certlists == NULL) { - CERT_DestroyCertificateList (certlist); - return SECFailure; + CERT_DestroyCertificateList(certlist); + return SECFailure; } certlists[count] = certlist; @@ -798,62 +777,57 @@ sec_pkcs7_add_cert_chain (SEC_PKCS7ContentInfo *cinfo, return SECSuccess; } - /* * Helper function to add a certificate for inclusion in the bag of * certificates in a signedData. */ static SECStatus -sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo, - CERTCertificate *cert) +sec_pkcs7_add_certificate(SEC_PKCS7ContentInfo *cinfo, + CERTCertificate *cert) { SECOidTag kind; CERTCertificate **certs, ***certsp; int count; - kind = SEC_PKCS7ContentType (cinfo); + kind = SEC_PKCS7ContentType(cinfo); switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: - { - SEC_PKCS7SignedData *sdp; - - sdp = cinfo->content.signedData; - certsp = &(sdp->certs); - } - break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: - { - SEC_PKCS7SignedAndEnvelopedData *saedp; - - saedp = cinfo->content.signedAndEnvelopedData; - certsp = &(saedp->certs); - } - break; - default: - return SECFailure; /* XXX set an error? */ + case SEC_OID_PKCS7_SIGNED_DATA: { + SEC_PKCS7SignedData *sdp; + + sdp = cinfo->content.signedData; + certsp = &(sdp->certs); + } break; + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: { + SEC_PKCS7SignedAndEnvelopedData *saedp; + + saedp = cinfo->content.signedAndEnvelopedData; + certsp = &(saedp->certs); + } break; + default: + return SECFailure; /* XXX set an error? */ } - cert = CERT_DupCertificate (cert); + cert = CERT_DupCertificate(cert); if (cert == NULL) - return SECFailure; + return SECFailure; certs = *certsp; if (certs == NULL) { - count = 0; - certs = (CERTCertificate**)PORT_ArenaAlloc (cinfo->poolp, - 2 * sizeof(CERTCertificate *)); + count = 0; + certs = (CERTCertificate **)PORT_ArenaAlloc(cinfo->poolp, + 2 * sizeof(CERTCertificate *)); } else { - for (count = 0; certs[count] != NULL; count++) - ; - PORT_Assert (count); /* should be at least one already */ - certs = (CERTCertificate**)PORT_ArenaGrow (cinfo->poolp, certs, - (count + 1) * sizeof(CERTCertificate *), - (count + 2) * sizeof(CERTCertificate *)); + for (count = 0; certs[count] != NULL; count++) + ; + PORT_Assert(count); /* should be at least one already */ + certs = (CERTCertificate **)PORT_ArenaGrow(cinfo->poolp, certs, + (count + 1) * sizeof(CERTCertificate *), + (count + 2) * sizeof(CERTCertificate *)); } if (certs == NULL) { - CERT_DestroyCertificate (cert); - return SECFailure; + CERT_DestroyCertificate(cert); + return SECFailure; } certs[count] = cert; @@ -864,7 +838,6 @@ sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo, return SECSuccess; } - /* * Create a PKCS7 certs-only container. * @@ -883,31 +856,30 @@ sec_pkcs7_add_certificate (SEC_PKCS7ContentInfo *cinfo, * (Retrieve specific errors via PORT_GetError()/XP_GetError().) */ SEC_PKCS7ContentInfo * -SEC_PKCS7CreateCertsOnly (CERTCertificate *cert, - PRBool include_chain, - CERTCertDBHandle *certdb) +SEC_PKCS7CreateCertsOnly(CERTCertificate *cert, + PRBool include_chain, + CERTCertDBHandle *certdb) { SEC_PKCS7ContentInfo *cinfo; SECStatus rv; - cinfo = sec_pkcs7_create_signed_data (NULL, NULL); + cinfo = sec_pkcs7_create_signed_data(NULL, NULL); if (cinfo == NULL) - return NULL; + return NULL; if (include_chain) - rv = sec_pkcs7_add_cert_chain (cinfo, cert, certdb); + rv = sec_pkcs7_add_cert_chain(cinfo, cert, certdb); else - rv = sec_pkcs7_add_certificate (cinfo, cert); + rv = sec_pkcs7_add_certificate(cinfo, cert); if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } return cinfo; } - /* * Add "cert" and its entire chain to the set of certs included in "cinfo". * @@ -918,21 +890,19 @@ SEC_PKCS7CreateCertsOnly (CERTCertificate *cert, * SECFailure will be returned if it is not. */ SECStatus -SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo, - CERTCertificate *cert, - CERTCertDBHandle *certdb) +SEC_PKCS7AddCertChain(SEC_PKCS7ContentInfo *cinfo, + CERTCertificate *cert, + CERTCertDBHandle *certdb) { SECOidTag kind; - kind = SEC_PKCS7ContentType (cinfo); - if (kind != SEC_OID_PKCS7_SIGNED_DATA - && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA) - return SECFailure; /* XXX set an error? */ + kind = SEC_PKCS7ContentType(cinfo); + if (kind != SEC_OID_PKCS7_SIGNED_DATA && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA) + return SECFailure; /* XXX set an error? */ - return sec_pkcs7_add_cert_chain (cinfo, cert, certdb); + return sec_pkcs7_add_cert_chain(cinfo, cert, certdb); } - /* * Add "cert" to the set of certs included in "cinfo". * @@ -940,30 +910,28 @@ SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo, * SECFailure will be returned if it is not. */ SECStatus -SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert) +SEC_PKCS7AddCertificate(SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert) { SECOidTag kind; - kind = SEC_PKCS7ContentType (cinfo); - if (kind != SEC_OID_PKCS7_SIGNED_DATA - && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA) - return SECFailure; /* XXX set an error? */ + kind = SEC_PKCS7ContentType(cinfo); + if (kind != SEC_OID_PKCS7_SIGNED_DATA && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA) + return SECFailure; /* XXX set an error? */ - return sec_pkcs7_add_certificate (cinfo, cert); + return sec_pkcs7_add_certificate(cinfo, cert); } - static SECStatus -sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo, - PLArenaPool *poolp, - SECOidTag kind, PRBool detached, - SECOidTag encalg, int keysize) +sec_pkcs7_init_encrypted_content_info(SEC_PKCS7EncryptedContentInfo *enccinfo, + PLArenaPool *poolp, + SECOidTag kind, PRBool detached, + SECOidTag encalg, int keysize) { SECStatus rv; - PORT_Assert (enccinfo != NULL && poolp != NULL); + PORT_Assert(enccinfo != NULL && poolp != NULL); if (enccinfo == NULL || poolp == NULL) - return SECFailure; + return SECFailure; /* * XXX Some day we may want to allow for other kinds. That needs @@ -972,16 +940,15 @@ sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo, * They are responsible for creating the inner type and encoding, * if it is other than DATA. */ - PORT_Assert (kind == SEC_OID_PKCS7_DATA); + PORT_Assert(kind == SEC_OID_PKCS7_DATA); - enccinfo->contentTypeTag = SECOID_FindOIDByTag (kind); - PORT_Assert (enccinfo->contentTypeTag - && enccinfo->contentTypeTag->offset == kind); + enccinfo->contentTypeTag = SECOID_FindOIDByTag(kind); + PORT_Assert(enccinfo->contentTypeTag && enccinfo->contentTypeTag->offset == kind); - rv = SECITEM_CopyItem (poolp, &(enccinfo->contentType), - &(enccinfo->contentTypeTag->oid)); + rv = SECITEM_CopyItem(poolp, &(enccinfo->contentType), + &(enccinfo->contentTypeTag->oid)); if (rv != SECSuccess) - return rv; + return rv; /* Save keysize and algorithm for later. */ enccinfo->keysize = keysize; @@ -990,16 +957,15 @@ sec_pkcs7_init_encrypted_content_info (SEC_PKCS7EncryptedContentInfo *enccinfo, return SECSuccess; } - /* * Add a recipient to a PKCS7 thing, verifying their cert first. * Any error returns SECFailure. */ static SECStatus -sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo, - CERTCertificate *cert, - SECCertUsage certusage, - CERTCertDBHandle *certdb) +sec_pkcs7_add_recipient(SEC_PKCS7ContentInfo *cinfo, + CERTCertificate *cert, + SECCertUsage certusage, + CERTCertDBHandle *certdb) { SECOidTag kind; SEC_PKCS7RecipientInfo *recipientinfo, **recipientinfos, ***recipientinfosp; @@ -1007,26 +973,22 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo, void *mark; int count; - kind = SEC_PKCS7ContentType (cinfo); + kind = SEC_PKCS7ContentType(cinfo); switch (kind) { - case SEC_OID_PKCS7_ENVELOPED_DATA: - { - SEC_PKCS7EnvelopedData *edp; - - edp = cinfo->content.envelopedData; - recipientinfosp = &(edp->recipientInfos); - } - break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: - { - SEC_PKCS7SignedAndEnvelopedData *saedp; - - saedp = cinfo->content.signedAndEnvelopedData; - recipientinfosp = &(saedp->recipientInfos); - } - break; - default: - return SECFailure; /* XXX set an error? */ + case SEC_OID_PKCS7_ENVELOPED_DATA: { + SEC_PKCS7EnvelopedData *edp; + + edp = cinfo->content.envelopedData; + recipientinfosp = &(edp->recipientInfos); + } break; + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: { + SEC_PKCS7SignedAndEnvelopedData *saedp; + + saedp = cinfo->content.signedAndEnvelopedData; + recipientinfosp = &(saedp->recipientInfos); + } break; + default: + return SECFailure; /* XXX set an error? */ } /* @@ -1034,45 +996,44 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo, * a NULL database. */ if (certdb == NULL) { - certdb = CERT_GetDefaultCertDB(); - if (certdb == NULL) - return SECFailure; /* XXX set an error? */ + certdb = CERT_GetDefaultCertDB(); + if (certdb == NULL) + return SECFailure; /* XXX set an error? */ } - if (CERT_VerifyCert (certdb, cert, PR_TRUE, certusage, PR_Now(), - cinfo->pwfn_arg, NULL) != SECSuccess) - { - /* XXX Did CERT_VerifyCert set an error? */ - return SECFailure; + if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, PR_Now(), + cinfo->pwfn_arg, NULL) != SECSuccess) { + /* XXX Did CERT_VerifyCert set an error? */ + return SECFailure; } - mark = PORT_ArenaMark (cinfo->poolp); + mark = PORT_ArenaMark(cinfo->poolp); - recipientinfo = (SEC_PKCS7RecipientInfo*)PORT_ArenaZAlloc (cinfo->poolp, - sizeof(SEC_PKCS7RecipientInfo)); + recipientinfo = (SEC_PKCS7RecipientInfo *)PORT_ArenaZAlloc(cinfo->poolp, + sizeof(SEC_PKCS7RecipientInfo)); if (recipientinfo == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - dummy = SEC_ASN1EncodeInteger (cinfo->poolp, &recipientinfo->version, - SEC_PKCS7_RECIPIENT_INFO_VERSION); + dummy = SEC_ASN1EncodeInteger(cinfo->poolp, &recipientinfo->version, + SEC_PKCS7_RECIPIENT_INFO_VERSION); if (dummy == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - PORT_Assert (dummy == &recipientinfo->version); + PORT_Assert(dummy == &recipientinfo->version); - recipientinfo->cert = CERT_DupCertificate (cert); + recipientinfo->cert = CERT_DupCertificate(cert); if (recipientinfo->cert == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } - recipientinfo->issuerAndSN = CERT_GetCertIssuerAndSN (cinfo->poolp, cert); + recipientinfo->issuerAndSN = CERT_GetCertIssuerAndSN(cinfo->poolp, cert); if (recipientinfo->issuerAndSN == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } /* @@ -1084,23 +1045,23 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo, */ recipientinfos = *recipientinfosp; if (recipientinfos == NULL) { - count = 0; - recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaAlloc ( - cinfo->poolp, - 2 * sizeof(SEC_PKCS7RecipientInfo *)); + count = 0; + recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaAlloc( + cinfo->poolp, + 2 * sizeof(SEC_PKCS7RecipientInfo *)); } else { - for (count = 0; recipientinfos[count] != NULL; count++) - ; - PORT_Assert (count); /* should be at least one already */ - recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaGrow ( - cinfo->poolp, recipientinfos, - (count + 1) * sizeof(SEC_PKCS7RecipientInfo *), - (count + 2) * sizeof(SEC_PKCS7RecipientInfo *)); + for (count = 0; recipientinfos[count] != NULL; count++) + ; + PORT_Assert(count); /* should be at least one already */ + recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaGrow( + cinfo->poolp, recipientinfos, + (count + 1) * sizeof(SEC_PKCS7RecipientInfo *), + (count + 2) * sizeof(SEC_PKCS7RecipientInfo *)); } if (recipientinfos == NULL) { - PORT_ArenaRelease (cinfo->poolp, mark); - return SECFailure; + PORT_ArenaRelease(cinfo->poolp, mark); + return SECFailure; } recipientinfos[count] = recipientinfo; @@ -1108,11 +1069,10 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo, *recipientinfosp = recipientinfos; - PORT_ArenaUnmark (cinfo->poolp, mark); + PORT_ArenaUnmark(cinfo->poolp, mark); return SECSuccess; } - /* * Start a PKCS7 enveloping context. * @@ -1140,42 +1100,42 @@ sec_pkcs7_add_recipient (SEC_PKCS7ContentInfo *cinfo, * (Retrieve specific errors via PORT_GetError()/XP_GetError().) */ extern SEC_PKCS7ContentInfo * -SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert, - SECCertUsage certusage, - CERTCertDBHandle *certdb, - SECOidTag encalg, - int keysize, - SECKEYGetPasswordKey pwfn, void *pwfn_arg) +SEC_PKCS7CreateEnvelopedData(CERTCertificate *cert, + SECCertUsage certusage, + CERTCertDBHandle *certdb, + SECOidTag encalg, + int keysize, + SECKEYGetPasswordKey pwfn, void *pwfn_arg) { SEC_PKCS7ContentInfo *cinfo; SEC_PKCS7EnvelopedData *envd; SECStatus rv; - cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENVELOPED_DATA, - PR_FALSE, pwfn, pwfn_arg); + cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENVELOPED_DATA, + PR_FALSE, pwfn, pwfn_arg); if (cinfo == NULL) - return NULL; + return NULL; - rv = sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb); + rv = sec_pkcs7_add_recipient(cinfo, cert, certusage, certdb); if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } envd = cinfo->content.envelopedData; - PORT_Assert (envd != NULL); + PORT_Assert(envd != NULL); /* * XXX Might we want to allow content types other than data? * If so, via what interface? */ - rv = sec_pkcs7_init_encrypted_content_info (&(envd->encContentInfo), - cinfo->poolp, - SEC_OID_PKCS7_DATA, PR_FALSE, - encalg, keysize); + rv = sec_pkcs7_init_encrypted_content_info(&(envd->encContentInfo), + cinfo->poolp, + SEC_OID_PKCS7_DATA, PR_FALSE, + encalg, keysize); if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } /* XXX Anything more to do here? */ @@ -1183,7 +1143,6 @@ SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert, return cinfo; } - /* * Add another recipient to an encrypted message. * @@ -1202,15 +1161,14 @@ SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert, * It can be NULL if a default database is available (like in the client). */ SECStatus -SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo, - CERTCertificate *cert, - SECCertUsage certusage, - CERTCertDBHandle *certdb) +SEC_PKCS7AddRecipient(SEC_PKCS7ContentInfo *cinfo, + CERTCertificate *cert, + SECCertUsage certusage, + CERTCertDBHandle *certdb) { - return sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb); + return sec_pkcs7_add_recipient(cinfo, cert, certusage, certdb); } - /* * Create an empty PKCS7 data content info. * @@ -1218,13 +1176,12 @@ SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo, * (Retrieve specific errors via PORT_GetError()/XP_GetError().) */ SEC_PKCS7ContentInfo * -SEC_PKCS7CreateData (void) +SEC_PKCS7CreateData(void) { - return sec_pkcs7_create_content_info (SEC_OID_PKCS7_DATA, PR_FALSE, - NULL, NULL); + return sec_pkcs7_create_content_info(SEC_OID_PKCS7_DATA, PR_FALSE, + NULL, NULL); } - /* * Create an empty PKCS7 encrypted content info. * @@ -1234,24 +1191,24 @@ SEC_PKCS7CreateData (void) * (Retrieve specific errors via PORT_GetError()/XP_GetError().) */ SEC_PKCS7ContentInfo * -SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize, - SECKEYGetPasswordKey pwfn, void *pwfn_arg) +SEC_PKCS7CreateEncryptedData(SECOidTag algorithm, int keysize, + SECKEYGetPasswordKey pwfn, void *pwfn_arg) { SEC_PKCS7ContentInfo *cinfo; SECAlgorithmID *algid; SEC_PKCS7EncryptedData *enc_data; SECStatus rv; - cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENCRYPTED_DATA, - PR_FALSE, pwfn, pwfn_arg); + cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENCRYPTED_DATA, + PR_FALSE, pwfn, pwfn_arg); if (cinfo == NULL) - return NULL; + return NULL; enc_data = cinfo->content.encryptedData; algid = &(enc_data->encContentInfo.contentEncAlg); if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) { - rv = SECOID_SetAlgorithmID (cinfo->poolp, algid, algorithm, NULL); + rv = SECOID_SetAlgorithmID(cinfo->poolp, algid, algorithm, NULL); } else { /* Assume password-based-encryption. * Note: we can't generate pkcs5v2 from this interface. @@ -1260,32 +1217,31 @@ SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize, * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular * CMS encrypted data, so we can't tell SEC_PKCS7CreateEncryptedtedData * to create pkcs5v2 PBEs */ - SECAlgorithmID *pbe_algid; - pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, + SECAlgorithmID *pbe_algid; + pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, NSS_PBE_DEFAULT_ITERATION_COUNT, NULL); - if (pbe_algid == NULL) { - rv = SECFailure; - } else { - rv = SECOID_CopyAlgorithmID (cinfo->poolp, algid, pbe_algid); - SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE); - } + if (pbe_algid == NULL) { + rv = SECFailure; + } else { + rv = SECOID_CopyAlgorithmID(cinfo->poolp, algid, pbe_algid); + SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE); + } } if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } - rv = sec_pkcs7_init_encrypted_content_info (&(enc_data->encContentInfo), - cinfo->poolp, - SEC_OID_PKCS7_DATA, PR_FALSE, - algorithm, keysize); + rv = sec_pkcs7_init_encrypted_content_info(&(enc_data->encContentInfo), + cinfo->poolp, + SEC_OID_PKCS7_DATA, PR_FALSE, + algorithm, keysize); if (rv != SECSuccess) { - SEC_PKCS7DestroyContentInfo (cinfo); - return NULL; + SEC_PKCS7DestroyContentInfo(cinfo); + return NULL; } return cinfo; } - -- cgit v1.2.1