Fix for 298538 - fix signature verification in S/MIME with signer-only cert. r=wtchang, nelson

security/nss/lib/smime/cmslocal.h

@@ -42,7 +42,7 @@
  * you.  If that has a problem, then just move out what you need, changing
  * its name as appropriate!
  *
- * $Id: cmslocal.h,v 1.4 2004/04/25 15:03:16 gerv%gerv.net Exp $
+ * $Id: cmslocal.h,v 1.5 2005/06/27 22:21:18 julien.pierre.bugs%sun.com Exp $
  */
 
 #ifndef _CMSLOCAL_H_
@@ -333,6 +333,13 @@ NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSC
 extern SECStatus
 NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
 
+/*
+ * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
+ * They may be needed for signature verification on the data, for example.
+ */
+extern SECStatus
+NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
+
 /************************************************************************/
 SEC_END_PROTOS
 

security/nss/lib/smime/cmssigdata.c

@@ -37,7 +37,7 @@
 /*
  * CMS signedData methods.
  *
- * $Id: cmssigdata.c,v 1.28 2004/04/25 15:03:16 gerv%gerv.net Exp $
+ * $Id: cmssigdata.c,v 1.29 2005/06/27 22:21:18 julien.pierre.bugs%sun.com Exp $
  */
 
 #include "cmslocal.h"
@@ -86,7 +86,7 @@ loser:
 void
 NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
 {
-    CERTCertificate **certs, *cert;
+    CERTCertificate **certs, **tempCerts, *cert;
     CERTCertificateList **certlists, *certlist;
     NSSCMSSignerInfo **signerinfos, *si;
 
@@ -94,6 +94,7 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
 	return;
 
     certs = sigd->certs;
+    tempCerts = sigd->tempCerts;
     certlists = sigd->certLists;
     signerinfos = sigd->signerInfos;
 
@@ -102,6 +103,11 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
 	    CERT_DestroyCertificate (cert);
     }
 
+    if (tempCerts != NULL) {
+	while ((cert = *tempCerts++) != NULL)
+	    CERT_DestroyCertificate (cert);
+    }
+
     if (certlists != NULL) {
 	while ((certlist = *certlists++) != NULL)
 	    CERT_DestroyCertificateList (certlist);
@@ -550,6 +556,13 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
 	goto loser;
     }
 
+    /* save the certs so they don't get destroyed */
+    for (i=0; i < certcount; i++) {
+	CERTCertificate *cert = certArray[i];
+	if (cert)
+            NSS_CMSSignedData_AddTempCertificate(sigd, cert);
+    }
+
     if (!keepcerts) {
 	goto done;
     }
@@ -782,6 +795,22 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert)
     return rv;
 }
 
+extern SECStatus
+NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
+{
+    CERTCertificate *c;
+    SECStatus rv;
+
+    if (!sigd || !cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    c = CERT_DupCertificate(cert);
+    rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->tempCerts), (void *)c);
+    return rv;
+}
+
 SECStatus
 NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
 {

security/nss/lib/smime/cmst.h

@@ -37,7 +37,7 @@
 /*
  * Header for CMS types.
  *
- * $Id: cmst.h,v 1.9 2004/04/25 15:03:16 gerv%gerv.net Exp $
+ * $Id: cmst.h,v 1.10 2005/06/27 22:21:19 julien.pierre.bugs%sun.com Exp $
  */
 
 #ifndef _CMST_H_
@@ -202,6 +202,9 @@ struct NSSCMSSignedDataStr {
     SECItem **			digests;
     CERTCertificate **		certs;
     CERTCertificateList **	certLists;
+    CERTCertificate **          tempCerts;              /* temporary certs, needed
+                                                         * for example for signature
+                                                         * verification */
 };
 #define NSS_CMS_SIGNED_DATA_VERSION_BASIC	1	/* what we *create* */
 #define NSS_CMS_SIGNED_DATA_VERSION_EXT		3	/* what we *create* */