diff --git a/security/nss/lib/smime/cmslocal.h b/security/nss/lib/smime/cmslocal.h index be6405538b86..0e1c09294a09 100644 --- a/security/nss/lib/smime/cmslocal.h +++ b/security/nss/lib/smime/cmslocal.h @@ -42,7 +42,7 @@ * you. If that has a problem, then just move out what you need, changing * its name as appropriate! * - * $Id: cmslocal.h,v 1.4 2004/04/25 15:03:16 gerv%gerv.net Exp $ + * $Id: cmslocal.h,v 1.5 2005/06/27 22:21:18 julien.pierre.bugs%sun.com Exp $ */ #ifndef _CMSLOCAL_H_ @@ -333,6 +333,13 @@ NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSC extern SECStatus NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded); +/* + * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references. + * They may be needed for signature verification on the data, for example. + */ +extern SECStatus +NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert); + /************************************************************************/ SEC_END_PROTOS diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c index d76b39c0a89a..81ece5473dbe 100644 --- a/security/nss/lib/smime/cmssigdata.c +++ b/security/nss/lib/smime/cmssigdata.c @@ -37,7 +37,7 @@ /* * CMS signedData methods. * - * $Id: cmssigdata.c,v 1.28 2004/04/25 15:03:16 gerv%gerv.net Exp $ + * $Id: cmssigdata.c,v 1.29 2005/06/27 22:21:18 julien.pierre.bugs%sun.com Exp $ */ #include "cmslocal.h" @@ -86,7 +86,7 @@ loser: void NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd) { - CERTCertificate **certs, *cert; + CERTCertificate **certs, **tempCerts, *cert; CERTCertificateList **certlists, *certlist; NSSCMSSignerInfo **signerinfos, *si; @@ -94,6 +94,7 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd) return; certs = sigd->certs; + tempCerts = sigd->tempCerts; certlists = sigd->certLists; signerinfos = sigd->signerInfos; 
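Review bot: The comment added above the NSS_CMSSignedData_AddTempCertificate prototype in cmslocal.h does not say who owns the certificate reference. The definition in cmssigdata.c takes a reference with CERT_DupCertificate, and NSS_CMSSignedData_Destroy releases every tempCerts entry, so the caller keeps its own reference. I would add a line such as ` * Takes its own reference on cert; the caller's reference is untouched and the added one is released by NSS_CMSSignedData_Destroy.` The comment could also state that a NULL sigd or cert returns SECFailure with SEC_ERROR_INVALID_ARGS set.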
@@ -102,6 +103,11 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd) CERT_DestroyCertificate (cert); } + if (tempCerts != NULL) { + while ((cert = *tempCerts++) != NULL) + CERT_DestroyCertificate (cert); + } + if (certlists != NULL) { while ((certlist = *certlists++) != NULL) CERT_DestroyCertificateList (certlist); @@ -550,6 +556,13 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb, goto loser; } + /* save the certs so they don't get destroyed */ + for (i=0; i < certcount; i++) { + CERTCertificate *cert = certArray[i]; + if (cert) + NSS_CMSSignedData_AddTempCertificate(sigd, cert); + } + if (!keepcerts) { goto done; } @@ -782,6 +795,22 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert) return rv; } +extern SECStatus +NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert) +{ + CERTCertificate *c; + SECStatus rv; + + if (!sigd || !cert) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + c = CERT_DupCertificate(cert); + rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->tempCerts), (void *)c); + return rv; +} + SECStatus NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert) { diff --git a/security/nss/lib/smime/cmst.h b/security/nss/lib/smime/cmst.h index 3fb9e5d28816..b5de52b109ba 100644 --- a/security/nss/lib/smime/cmst.h +++ b/security/nss/lib/smime/cmst.h @@ -37,7 +37,7 @@ /* * Header for CMS types. * - * $Id: cmst.h,v 1.9 2004/04/25 15:03:16 gerv%gerv.net Exp $ + * $Id: cmst.h,v 1.10 2005/06/27 22:21:19 julien.pierre.bugs%sun.com Exp $ */ #ifndef _CMST_H_ 
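Review bot: The return value of NSS_CMSSignedData_AddTempCertificate is discarded in the loop added to NSS_CMSSignedData_ImportCerts. A failed add therefore silently leaves that certificate without the extra reference that the new comment says keeps it from being destroyed. The function already uses `goto loser` just above, so the call could become `if (cert && NSS_CMSSignedData_AddTempCertificate(sigd, cert) != SECSuccess) goto loser;`, with `rv` set to SECFailure first if it is not already. What `loser` and `done` release lies outside the hunk, so confirm that certArray is still cleaned up on that path.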
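Review bot: When NSS_CMSArray_Add fails in NSS_CMSSignedData_AddTempCertificate, the reference just taken with CERT_DupCertificate is never released, so every failed add leaks a certificate reference. Adding `if (rv != SECSuccess) CERT_DestroyCertificate(c);` before `return rv;` closes that path. The definition is also declared `extern`, unlike the definition of NSS_CMSSignedData_AddCertificate right below it. Dropping the keyword here keeps the file consistent, since the prototype in cmslocal.h already carries it.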
@@ -202,6 +202,9 @@ struct NSSCMSSignedDataStr {
 SECItem ** digests;
 CERTCertificate ** certs;
 CERTCertificateList ** certLists;
+ CERTCertificate ** tempCerts; /* temporary certs, needed
+ * for example for signature
+ * verification */
 };
 #define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
 #define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */