authornelsonb%netscape.com <devnull@localhost>2003-12-04 00:29:31 +0000
committernelsonb%netscape.com <devnull@localhost>2003-12-04 00:29:31 +0000
commit49108b5351ff05e890785530f89648834d75344b (patch)
tree7ad7e76f01cd64b3ea95ee4d468686cad59f95c7 /security/nss/lib/smime
parente1e95392433b97cddaeac1a9640db3cf9e56626b (diff)
downloadnss-hg-49108b5351ff05e890785530f89648834d75344b.tar.gz
NSS_CMSSignerInfo_Verify()
- This function is changed to explicitly allow some of its input arguments to be NULL. It will set the verification status in the CMSSignerInfo object accordingly. Since this is the ONLY function that ever sets the verification status, it must be able to do so even when problems have occurred. - lots of cleanup of this source code. Bugscape bug 54208, r=relyea
Diffstat (limited to 'security/nss/lib/smime')
-rw-r--r--security/nss/lib/smime/cmssiginfo.c59
1 files changed, 36 insertions, 23 deletions
diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c
index 13e5a241e..a12adc3da 100644
--- a/security/nss/lib/smime/cmssiginfo.c
+++ b/security/nss/lib/smime/cmssiginfo.c
@@ -309,7 +309,7 @@ NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHand
* email profile.
*/
if (NSS_CMSSignerInfo_GetSigningTime (signerinfo, &stime) != SECSuccess)
- stime = PR_Now(); /* not found or conversion failed, so check against now */
+ stime = PR_Now(); /* not found or conversion failed, so check against now */
/*
* XXX This uses the signing time, if available. Additionally, we
@@ -319,7 +319,8 @@ NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHand
* in a time (and for non-S/MIME callers to pass in nothing, or
* maybe make them pass in the current time, always?).
*/
- if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, stime, signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
+ if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, stime,
+ signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
signerinfo->verificationStatus = NSSCMSVS_SigningCertNotTrusted;
return SECFailure;
}
@@ -329,11 +330,13 @@ NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHand
/*
* NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
*
- * Just verifies the signature. The assumption is that verification of the certificate
- * is done already.
+ * Just verifies the signature. The assumption is that verification of
+ * the certificate is done already.
*/
SECStatus
-NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType)
+NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
+ SECItem *digest, /* may be NULL */
+ SECItem *contentType) /* may be NULL */
{
SECKEYPublicKey *publickey = NULL;
NSSCMSAttribute *attr;
@@ -345,9 +348,11 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem
if (signerinfo == NULL)
return SECFailure;
- /* NSS_CMSSignerInfo_GetSigningCertificate will fail if 2nd parm is NULL and */
- /* cert has not been verified */
- if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, NULL)) == NULL) {
+ /* NSS_CMSSignerInfo_GetSigningCertificate will fail if 2nd parm is NULL
+ ** and cert has not been verified
+ */
+ cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, NULL);
+ if (cert == NULL) {
vs = NSSCMSVS_SigningCertNotFound;
goto loser;
}
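Review bot: The new `/* may be NULL */` annotations on digest and contentType say that a NULL is accepted but not what it yields, and the header comment above still only says the function "just verifies the signature". From the rest of this patch, a NULL digest is recorded as NSSCMSVS_DigestMismatch when authenticated attributes are present and as NSSCMSVS_BadSignature when they are not, with SECFailure returned either way; what a NULL contentType leads to is not visible in this diff. I would extend the header comment to state that contract, e.g. `* digest and contentType may be NULL; a NULL digest can never verify and is` / `* reported through signerinfo->verificationStatus like any other failure.` NSS_CMSSignerInfo_Verify continues past the end of this hunk.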
@@ -390,9 +395,9 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem
* be one for message digest which matches our message digest.
* So check these things first.
*/
- if ((attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
- SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE)) == NULL)
- {
+ attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+ SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE);
+ if (attr == NULL) {
vs = NSSCMSVS_MalformedSignature;
goto loser;
}
@@ -406,12 +411,14 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem
/*
* Check digest
*/
- if ((attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr, SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE)) == NULL)
- {
+ attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+ SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE);
+ if (attr == NULL) {
vs = NSSCMSVS_MalformedSignature;
goto loser;
}
- if (NSS_CMSAttribute_CompareValue(attr, digest) == PR_FALSE) {
+ if (!digest ||
+ NSS_CMSAttribute_CompareValue(attr, digest) == PR_FALSE) {
vs = NSSCMSVS_DigestMismatch;
goto loser;
}
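Review bot: The added `!digest ||` guard reports a caller that supplied no digest as NSSCMSVS_DigestMismatch, the same status a message whose content was altered gets, so anything that surfaces verificationStatus to a user cannot tell "digest not computed" from "content does not match"; the no-attributes branch later in this function reports the same NULL digest as NSSCMSVS_BadSignature, so which status a caller sees depends on whether the signer included authenticated attributes. If a missing digest is deliberately treated as a mismatch, say so in place: `/* a NULL digest can never match; report it as a mismatch */`; otherwise `if (!digest) { vs = NSSCMSVS_ProcessingError; goto loser; }` ahead of the compare keeps the two cases distinct. The enclosing function begins before and ends after this hunk.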
@@ -426,14 +433,15 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem
*
* The signature is based on a digest of the DER-encoded authenticated
* attributes. So, first we encode and then we digest/verify.
- * we trust the decoder to have the attributes in the right (sorted) order
+ * we trust the decoder to have the attributes in the right (sorted)
+ * order
*/
encoded_attrs.data = NULL;
encoded_attrs.len = 0;
- if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr), &encoded_attrs) == NULL ||
- encoded_attrs.data == NULL || encoded_attrs.len == 0)
- {
+ if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr),
+ &encoded_attrs) == NULL ||
+ encoded_attrs.data == NULL || encoded_attrs.len == 0) {
vs = NSSCMSVS_ProcessingError;
goto loser;
}
@@ -441,21 +449,26 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem
vs = (VFY_VerifyData (encoded_attrs.data, encoded_attrs.len,
publickey, &(signerinfo->encDigest),
SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)),
- signerinfo->cmsg->pwfn_arg) != SECSuccess) ? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
+ signerinfo->cmsg->pwfn_arg) != SECSuccess)
+ ? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
- PORT_FreeArena(poolp, PR_FALSE); /* awkward memory management :-( */
+ PORT_FreeArena(poolp, PR_FALSE); /* awkward memory management :-( */
} else {
SECItem *sig;
- /* No authenticated attributes. The signature is based on the plain message digest. */
+ /* No authenticated attributes.
+ ** The signature is based on the plain message digest.
+ */
sig = &(signerinfo->encDigest);
if (sig->len == 0)
goto loser;
- vs = (VFY_VerifyDigest(digest, publickey, sig,
+ vs = (!digest ||
+ VFY_VerifyDigest(digest, publickey, sig,
SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)),
- signerinfo->cmsg->pwfn_arg) != SECSuccess) ? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
+ signerinfo->cmsg->pwfn_arg) != SECSuccess)
+ ? NSSCMSVS_BadSignature : NSSCMSVS_GoodSignature;
}
if (vs == NSSCMSVS_BadSignature) {
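Review bot: The `if (sig->len == 0) goto loser;` in the no-attributes branch leaves without assigning vs, which is at odds with the commit's stated goal that this function always records a verification status; unless vs is initialized to a failure value at its declaration (outside this hunk), an empty encDigest leaves verificationStatus at whatever it held before. `if (sig->len == 0) { vs = NSSCMSVS_MalformedSignature; goto loser; }` would close that gap and matches the status used earlier in the function for missing authenticated attributes. Separately, a NULL digest yields NSSCMSVS_BadSignature here but NSSCMSVS_DigestMismatch in the authenticated-attributes branch, so the status reported for the same caller mistake depends on message structure chosen by the signer; one status for both would be easier for callers to act on. NSS_CMSSignerInfo_Verify begins before and ends after this hunk.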