author | julien.pierre.bugs%sun.com <devnull@localhost> | 2005-06-27 22:21:29 +0000 |
---|---|---|
committer | julien.pierre.bugs%sun.com <devnull@localhost> | 2005-06-27 22:21:29 +0000 |
commit | 03cc0d5b2ba1d502171246c97518a49171fe7e85 (patch) | |
tree | 875dd28aef514d276300e8bd973aba94b9ba0934 | |
parent | 16490282e42c142258edefc7997f9f15009fab9e (diff) | |
Fix for 298538 - fix signature verification in S/MIME with signer-only cert. r=wtchang, nelson
-rw-r--r-- | security/nss/lib/smime/cmslocal.h | 7 | ||||
-rw-r--r-- | security/nss/lib/smime/cmssigdata.c | 31 | ||||
-rw-r--r-- | security/nss/lib/smime/cmst.h | 3 |
3 files changed, 40 insertions, 1 deletions
diff --git a/security/nss/lib/smime/cmslocal.h b/security/nss/lib/smime/cmslocal.h index 78e093c12..666eeb033 100644 --- a/security/nss/lib/smime/cmslocal.h +++ b/security/nss/lib/smime/cmslocal.h @@ -333,6 +333,13 @@ NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSC extern SECStatus NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded); +/* + * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references. + * They may be needed for signature verification on the data, for example. + */ +extern SECStatus +NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert); + /************************************************************************/ SEC_END_PROTOS diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c index b3b435c23..0ba771d65 100644 --- a/security/nss/lib/smime/cmssigdata.c +++ b/security/nss/lib/smime/cmssigdata.c @@ -86,7 +86,7 @@ loser: void NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd) { - CERTCertificate **certs, *cert; + CERTCertificate **certs, **tempCerts, *cert; CERTCertificateList **certlists, *certlist; NSSCMSSignerInfo **signerinfos, *si; @@ -94,6 +94,7 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd) return; certs = sigd->certs; + tempCerts = sigd->tempCerts; certlists = sigd->certLists; signerinfos = sigd->signerInfos; @@ -102,6 +103,11 @@ NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd) CERT_DestroyCertificate (cert); } + if (tempCerts != NULL) { + while ((cert = *tempCerts++) != NULL) + CERT_DestroyCertificate (cert); + } + if (certlists != NULL) { while ((certlist = *certlists++) != NULL) CERT_DestroyCertificateList (certlist); 
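Review bot: The comment on the new `NSS_CMSSignedData_AddTempCertificate` declaration in cmslocal.h does not say who owns the certificate reference. From the definition in cmssigdata.c, the function stores the result of `CERT_DupCertificate(cert)` in `sigd->tempCerts`, and `NSS_CMSSignedData_Destroy` later calls `CERT_DestroyCertificate` on each entry, so the caller keeps its own reference. I would add to the comment: `The cert is duplicated; the caller keeps its reference, and the copy is released by NSS_CMSSignedData_Destroy.` It would also help to state that the function returns SECFailure with SEC_ERROR_INVALID_ARGS when either argument is NULL.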
@@ -550,6 +556,13 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb, goto loser; } + /* save the certs so they don't get destroyed */ + for (i=0; i < certcount; i++) { + CERTCertificate *cert = certArray[i]; + if (cert) + NSS_CMSSignedData_AddTempCertificate(sigd, cert); + } + if (!keepcerts) { goto done; } @@ -782,6 +795,22 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert) return rv; } +extern SECStatus +NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert) +{ + CERTCertificate *c; + SECStatus rv; + + if (!sigd || !cert) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + c = CERT_DupCertificate(cert); + rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->tempCerts), (void *)c); + return rv; +} + SECStatus NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert) { diff --git a/security/nss/lib/smime/cmst.h b/security/nss/lib/smime/cmst.h index a1c1bd65a..82f24da14 100644 --- a/security/nss/lib/smime/cmst.h +++ b/security/nss/lib/smime/cmst.h @@ -202,6 +202,9 @@ struct NSSCMSSignedDataStr { SECItem ** digests; CERTCertificate ** certs; CERTCertificateList ** certLists; + CERTCertificate ** tempCerts; /* temporary certs, needed + * for example for signature + * verification */ }; #define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */ #define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */ |
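Review bot: The loop added to NSS_CMSSignedData_ImportCerts discards the SECStatus returned by `NSS_CMSSignedData_AddTempCertificate`, so a failed append goes unnoticed and that certificate is not held for the later signature verification this commit is meant to fix. Checking the result keeps the failure visible at import time, for example `if (cert && NSS_CMSSignedData_AddTempCertificate(sigd, cert) != SECSuccess) goto loser;`. The `loser` label is used just above in the hunk, but the function body extends outside it, so confirm that this path sets the return status as intended. The unbraced `if (cert)` inside the `for` would also be safer with braces.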
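Review bot: In the new `NSS_CMSSignedData_AddTempCertificate`, the reference taken by `CERT_DupCertificate(cert)` is never released when `NSS_CMSArray_Add` fails, so the certificate reference leaks on that path. Releasing it on failure fixes this: `if (rv != SECSuccess) CERT_DestroyCertificate(c);` placed before `return rv;`. The function also dereferences `sigd->cmsg` without checking it; if a signed-data object can exist without a message at this point (not visible in this hunk), extend the argument check with `!sigd->cmsg`. The `extern` keyword on the definition is redundant, since the prototype in cmslocal.h already carries it.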