Fix for 298538 - fix signature verification in S/MIME with signer-only cert. r=wtchang, nelson

This commit is contained in:
julien.pierre.bugs%sun.com 2005-06-27 22:21:19 +00:00
Родитель e4cfad4ff7
Коммит bdac92c933
3 изменённых файлов: 43 добавлений и 4 удалений

Просмотреть файл

@ -42,7 +42,7 @@
* you. If that has a problem, then just move out what you need, changing
* its name as appropriate!
*
* $Id: cmslocal.h,v 1.4 2004-04-25 15:03:16 gerv%gerv.net Exp $
* $Id: cmslocal.h,v 1.5 2005-06-27 22:21:18 julien.pierre.bugs%sun.com Exp $
*/
#ifndef _CMSLOCAL_H_
@ -333,6 +333,13 @@ NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSC
extern SECStatus
NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
/*
* NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
* They may be needed for signature verification on the data, for example.
*/
extern SECStatus
NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
/************************************************************************/
SEC_END_PROTOS

Просмотреть файл

@ -37,7 +37,7 @@
/*
* CMS signedData methods.
*
* $Id: cmssigdata.c,v 1.28 2004-04-25 15:03:16 gerv%gerv.net Exp $
* $Id: cmssigdata.c,v 1.29 2005-06-27 22:21:18 julien.pierre.bugs%sun.com Exp $
*/
#include "cmslocal.h"
@ -86,7 +86,7 @@ loser:
void
NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
{
CERTCertificate **certs, *cert;
CERTCertificate **certs, **tempCerts, *cert;
CERTCertificateList **certlists, *certlist;
NSSCMSSignerInfo **signerinfos, *si;
@ -94,6 +94,7 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
return;
certs = sigd->certs;
tempCerts = sigd->tempCerts;
certlists = sigd->certLists;
signerinfos = sigd->signerInfos;
@ -102,6 +103,11 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
CERT_DestroyCertificate (cert);
}
if (tempCerts != NULL) {
while ((cert = *tempCerts++) != NULL)
CERT_DestroyCertificate (cert);
}
if (certlists != NULL) {
while ((certlist = *certlists++) != NULL)
CERT_DestroyCertificateList (certlist);
@ -550,6 +556,13 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
goto loser;
}
/* save the certs so they don't get destroyed */
for (i=0; i < certcount; i++) {
CERTCertificate *cert = certArray[i];
if (cert)
NSS_CMSSignedData_AddTempCertificate(sigd, cert);
}
if (!keepcerts) {
goto done;
}
@ -782,6 +795,22 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert)
return rv;
}
extern SECStatus
NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
{
CERTCertificate *c;
SECStatus rv;
if (!sigd || !cert) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
c = CERT_DupCertificate(cert);
rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->tempCerts), (void *)c);
return rv;
}
SECStatus
NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
{

Просмотреть файл

@ -37,7 +37,7 @@
/*
* Header for CMS types.
*
* $Id: cmst.h,v 1.9 2004-04-25 15:03:16 gerv%gerv.net Exp $
* $Id: cmst.h,v 1.10 2005-06-27 22:21:19 julien.pierre.bugs%sun.com Exp $
*/
#ifndef _CMST_H_
@ -202,6 +202,9 @@ struct NSSCMSSignedDataStr {
SECItem ** digests;
CERTCertificate ** certs;
CERTCertificateList ** certLists;
CERTCertificate ** tempCerts; /* temporary certs, needed
* for example for signature
* verification */
};
#define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
#define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */