diff options
Diffstat (limited to 'security/nss/lib/smime/cmsdigest.c')
-rw-r--r-- | security/nss/lib/smime/cmsdigest.c | 294 |
1 files changed, 294 insertions, 0 deletions
diff --git a/security/nss/lib/smime/cmsdigest.c b/security/nss/lib/smime/cmsdigest.c new file mode 100644 index 000000000..e0e923a77 --- /dev/null +++ b/security/nss/lib/smime/cmsdigest.c @@ -0,0 +1,294 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +/* + * CMS digesting. + * + * $Id$ + */ + +#include "cmslocal.h" + +#include "cert.h" +#include "key.h" +#include "secitem.h" +#include "secoid.h" +#include "pk11func.h" +#include "prtime.h" +#include "secerr.h" + +/* #define CMS_FIND_LEAK_MULTIPLE 1 */ +#ifdef CMS_FIND_LEAK_MULTIPLE +static int stop_on_err = 1; +static int global_num_digests = 0; +#endif + +struct digestPairStr { + const SECHashObject * digobj; + void * digcx; +}; +typedef struct digestPairStr digestPair; + +struct NSSCMSDigestContextStr { + PRBool saw_contents; + PLArenaPool * pool; + int digcnt; + digestPair * digPairs; +}; + + +/* + * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the + * digest algorithms in "digestalgs" in parallel. + */ +NSSCMSDigestContext * +NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs) +{ + PLArenaPool * pool; + NSSCMSDigestContext *cmsdigcx; + int digcnt; + int i; + +#ifdef CMS_FIND_LEAK_MULTIPLE + PORT_Assert(global_num_digests == 0 || !stop_on_err); +#endif + + digcnt = (digestalgs == NULL) ? 0 : NSS_CMSArray_Count((void **)digestalgs); + /* It's OK if digcnt is zero. We have to allow this for "certs only" + ** messages. + */ + pool = PORT_NewArena(2048); + if (!pool) + return NULL; + + cmsdigcx = PORT_ArenaNew(pool, NSSCMSDigestContext); + if (cmsdigcx == NULL) + goto loser; + + cmsdigcx->saw_contents = PR_FALSE; + cmsdigcx->pool = pool; + cmsdigcx->digcnt = digcnt; + + cmsdigcx->digPairs = PORT_ArenaZNewArray(pool, digestPair, digcnt); + if (cmsdigcx->digPairs == NULL) { + goto loser; + } + + /* + * Create a digest object context for each algorithm. + */ + for (i = 0; i < digcnt; i++) { + const SECHashObject *digobj; + void *digcx; + + digobj = NSS_CMSUtil_GetHashObjByAlgID(digestalgs[i]); + /* + * Skip any algorithm we do not even recognize; obviously, + * this could be a problem, but if it is critical then the + * result will just be that the signature does not verify. + * We do not necessarily want to error out here, because + * the particular algorithm may not actually be important, + * but we cannot know that until later. + */ + if (digobj == NULL) + continue; + + digcx = (*digobj->create)(); + if (digcx != NULL) { + (*digobj->begin) (digcx); + cmsdigcx->digPairs[i].digobj = digobj; + cmsdigcx->digPairs[i].digcx = digcx; +#ifdef CMS_FIND_LEAK_MULTIPLE + global_num_digests++; +#endif + } + } + return cmsdigcx; + +loser: + /* no digest objects have been created, or need to be destroyed. */ + if (pool) { + PORT_FreeArena(pool, PR_FALSE); + } + return NULL; +} + +/* + * NSS_CMSDigestContext_StartSingle - same as + * NSS_CMSDigestContext_StartMultiple, but only one algorithm. + */ +NSSCMSDigestContext * +NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg) +{ + SECAlgorithmID *digestalgs[] = { NULL, NULL }; /* fake array */ + + digestalgs[0] = digestalg; + return NSS_CMSDigestContext_StartMultiple(digestalgs); +} + +/* + * NSS_CMSDigestContext_Update - feed more data into the digest machine + */ +void +NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, + const unsigned char *data, int len) +{ + int i; + digestPair *pair = cmsdigcx->digPairs; + + cmsdigcx->saw_contents = PR_TRUE; + + for (i = 0; i < cmsdigcx->digcnt; i++, pair++) { + if (pair->digcx) { + (*pair->digobj->update)(pair->digcx, data, len); + } + } +} + +/* + * NSS_CMSDigestContext_Cancel - cancel digesting operation + */ +void +NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx) +{ + int i; + digestPair *pair = cmsdigcx->digPairs; + + for (i = 0; i < cmsdigcx->digcnt; i++, pair++) { + if (pair->digcx) { + (*pair->digobj->destroy)(pair->digcx, PR_TRUE); +#ifdef CMS_FIND_LEAK_MULTIPLE + --global_num_digests; +#endif + } + } +#ifdef CMS_FIND_LEAK_MULTIPLE + PORT_Assert(global_num_digests == 0 || !stop_on_err); +#endif + PORT_FreeArena(cmsdigcx->pool, PR_FALSE); +} + +/* + * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them + * into an array of SECItems (allocated on poolp) + */ +SECStatus +NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, + PLArenaPool *poolp, + SECItem ***digestsp) +{ + SECItem ** digests = NULL; + digestPair *pair; + void * mark; + int i; + SECStatus rv; + + /* no contents? do not finish digests */ + if (digestsp == NULL || !cmsdigcx->saw_contents) { + rv = SECSuccess; + goto cleanup; + } + + mark = PORT_ArenaMark (poolp); + + /* allocate digest array & SECItems on arena */ + digests = PORT_ArenaNewArray( poolp, SECItem *, cmsdigcx->digcnt + 1); + + rv = ((digests == NULL) ? SECFailure : SECSuccess); + pair = cmsdigcx->digPairs; + for (i = 0; rv == SECSuccess && i < cmsdigcx->digcnt; i++, pair++) { + SECItem digest; + unsigned char hash[HASH_LENGTH_MAX]; + + if (!pair->digcx) { + digests[i] = NULL; + continue; + } + + digest.type = siBuffer; + digest.data = hash; + digest.len = pair->digobj->length; + (* pair->digobj->end)(pair->digcx, hash, &digest.len, digest.len); + digests[i] = SECITEM_ArenaDupItem(poolp, &digest); + if (!digests[i]) { + rv = SECFailure; + } + } + digests[i] = NULL; + if (rv == SECSuccess) { + PORT_ArenaUnmark(poolp, mark); + } else + PORT_ArenaRelease(poolp, mark); + +cleanup: + NSS_CMSDigestContext_Cancel(cmsdigcx); + /* Don't change the caller's digests pointer if we have no digests. + ** NSS_CMSSignedData_Encode_AfterData depends on this behavior. + */ + if (rv == SECSuccess && digestsp && digests) { + *digestsp = digests; + } + return rv; +} + +/* + * NSS_CMSDigestContext_FinishSingle - same as + * NSS_CMSDigestContext_FinishMultiple, but for one digest. + */ +SECStatus +NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, + PLArenaPool *poolp, + SECItem *digest) +{ + SECStatus rv = SECFailure; + SECItem **dp; + PLArenaPool *arena = NULL; + + if ((arena = PORT_NewArena(1024)) == NULL) + goto loser; + + /* get the digests into arena, then copy the first digest into poolp */ + rv = NSS_CMSDigestContext_FinishMultiple(cmsdigcx, arena, &dp); + if (rv == SECSuccess) { + /* now copy it into poolp */ + rv = SECITEM_CopyItem(poolp, digest, dp[0]); + } +loser: + if (arena) + PORT_FreeArena(arena, PR_FALSE); + + return rv; +} |