зеркало из https://github.com/mozilla/pjs.git
Fix for 298538 - fix signature verification in S/MIME with signer-only cert. r=wtchang, nelson
This commit is contained in:
Родитель
e4cfad4ff7
Коммит
bdac92c933
|
@ -42,7 +42,7 @@
|
|||
* you. If that has a problem, then just move out what you need, changing
|
||||
* its name as appropriate!
|
||||
*
|
||||
* $Id: cmslocal.h,v 1.4 2004-04-25 15:03:16 gerv%gerv.net Exp $
|
||||
* $Id: cmslocal.h,v 1.5 2005-06-27 22:21:18 julien.pierre.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _CMSLOCAL_H_
|
||||
|
@ -333,6 +333,13 @@ NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSC
|
|||
extern SECStatus
|
||||
NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
|
||||
|
||||
/*
|
||||
* NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
|
||||
* They may be needed for signature verification on the data, for example.
|
||||
*/
|
||||
extern SECStatus
|
||||
NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
|
||||
|
||||
/************************************************************************/
|
||||
SEC_END_PROTOS
|
||||
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* CMS signedData methods.
|
||||
*
|
||||
* $Id: cmssigdata.c,v 1.28 2004-04-25 15:03:16 gerv%gerv.net Exp $
|
||||
* $Id: cmssigdata.c,v 1.29 2005-06-27 22:21:18 julien.pierre.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "cmslocal.h"
|
||||
|
@ -86,7 +86,7 @@ loser:
|
|||
void
|
||||
NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
|
||||
{
|
||||
CERTCertificate **certs, *cert;
|
||||
CERTCertificate **certs, **tempCerts, *cert;
|
||||
CERTCertificateList **certlists, *certlist;
|
||||
NSSCMSSignerInfo **signerinfos, *si;
|
||||
|
||||
|
@ -94,6 +94,7 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
|
|||
return;
|
||||
|
||||
certs = sigd->certs;
|
||||
tempCerts = sigd->tempCerts;
|
||||
certlists = sigd->certLists;
|
||||
signerinfos = sigd->signerInfos;
|
||||
|
||||
|
@ -102,6 +103,11 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
|
|||
CERT_DestroyCertificate (cert);
|
||||
}
|
||||
|
||||
if (tempCerts != NULL) {
|
||||
while ((cert = *tempCerts++) != NULL)
|
||||
CERT_DestroyCertificate (cert);
|
||||
}
|
||||
|
||||
if (certlists != NULL) {
|
||||
while ((certlist = *certlists++) != NULL)
|
||||
CERT_DestroyCertificateList (certlist);
|
||||
|
@ -550,6 +556,13 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
/* save the certs so they don't get destroyed */
|
||||
for (i=0; i < certcount; i++) {
|
||||
CERTCertificate *cert = certArray[i];
|
||||
if (cert)
|
||||
NSS_CMSSignedData_AddTempCertificate(sigd, cert);
|
||||
}
|
||||
|
||||
if (!keepcerts) {
|
||||
goto done;
|
||||
}
|
||||
|
@ -782,6 +795,22 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert)
|
|||
return rv;
|
||||
}
|
||||
|
||||
extern SECStatus
|
||||
NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
|
||||
{
|
||||
CERTCertificate *c;
|
||||
SECStatus rv;
|
||||
|
||||
if (!sigd || !cert) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
c = CERT_DupCertificate(cert);
|
||||
rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->tempCerts), (void *)c);
|
||||
return rv;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
|
||||
{
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Header for CMS types.
|
||||
*
|
||||
* $Id: cmst.h,v 1.9 2004-04-25 15:03:16 gerv%gerv.net Exp $
|
||||
* $Id: cmst.h,v 1.10 2005-06-27 22:21:19 julien.pierre.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _CMST_H_
|
||||
|
@ -202,6 +202,9 @@ struct NSSCMSSignedDataStr {
|
|||
SECItem ** digests;
|
||||
CERTCertificate ** certs;
|
||||
CERTCertificateList ** certLists;
|
||||
CERTCertificate ** tempCerts; /* temporary certs, needed
|
||||
* for example for signature
|
||||
* verification */
|
||||
};
|
||||
#define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
|
||||
#define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
|
||||
|
|
Загрузка…
Ссылка в новой задаче