OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * PKCS7 implementation -- the exported parts that are used whether | 6 * PKCS7 implementation -- the exported parts that are used whether |
7 * creating or decoding. | 7 * creating or decoding. |
8 */ | 8 */ |
9 | 9 |
10 #include "p7local.h" | 10 #include "p7local.h" |
11 | 11 |
12 #include "cert.h" | 12 #include "cert.h" |
13 #include "secitem.h" | 13 #include "secitem.h" |
14 #include "secoid.h" | 14 #include "secoid.h" |
15 #include "pk11func.h" | 15 #include "pk11func.h" |
16 | 16 |
17 /* | 17 /* |
18 * Find out (saving pointer to lookup result for future reference) | 18 * Find out (saving pointer to lookup result for future reference) |
19 * and return the inner content type. | 19 * and return the inner content type. |
20 */ | 20 */ |
21 SECOidTag | 21 SECOidTag SEC_PKCS7ContentType(SEC_PKCS7ContentInfo *cinfo) { |
22 SEC_PKCS7ContentType (SEC_PKCS7ContentInfo *cinfo) | 22 if (cinfo->contentTypeTag == NULL) |
23 { | 23 cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); |
24 if (cinfo->contentTypeTag == NULL) | 24 |
25 » cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); | 25 if (cinfo->contentTypeTag == NULL) return SEC_OID_UNKNOWN; |
26 | 26 |
27 if (cinfo->contentTypeTag == NULL) | 27 return cinfo->contentTypeTag->offset; |
28 » return SEC_OID_UNKNOWN; | 28 } |
29 | |
30 return cinfo->contentTypeTag->offset; | |
31 } | |
32 | |
33 | 29 |
34 /* | 30 /* |
35 * Destroy a PKCS7 contentInfo and all of its sub-pieces. | 31 * Destroy a PKCS7 contentInfo and all of its sub-pieces. |
36 */ | 32 */ |
37 void | 33 void SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *cinfo) { |
38 SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *cinfo) | 34 SECOidTag kind; |
39 { | 35 CERTCertificate **certs; |
40 SECOidTag kind; | 36 CERTCertificateList **certlists; |
41 CERTCertificate **certs; | 37 SEC_PKCS7SignerInfo **signerinfos; |
42 CERTCertificateList **certlists; | 38 SEC_PKCS7RecipientInfo **recipientinfos; |
43 SEC_PKCS7SignerInfo **signerinfos; | 39 |
44 SEC_PKCS7RecipientInfo **recipientinfos; | 40 PORT_Assert(cinfo->refCount > 0); |
45 | 41 if (cinfo->refCount <= 0) return; |
46 PORT_Assert (cinfo->refCount > 0); | 42 |
47 if (cinfo->refCount <= 0) | 43 cinfo->refCount--; |
48 » return; | 44 if (cinfo->refCount > 0) return; |
49 | 45 |
50 cinfo->refCount--; | 46 certs = NULL; |
51 if (cinfo->refCount > 0) | 47 certlists = NULL; |
52 » return; | 48 recipientinfos = NULL; |
53 | 49 signerinfos = NULL; |
54 certs = NULL; | 50 |
55 certlists = NULL; | 51 kind = SEC_PKCS7ContentType(cinfo); |
56 recipientinfos = NULL; | 52 switch (kind) { |
57 signerinfos = NULL; | 53 case SEC_OID_PKCS7_ENVELOPED_DATA: { |
58 | 54 SEC_PKCS7EnvelopedData *edp; |
59 kind = SEC_PKCS7ContentType (cinfo); | 55 |
60 switch (kind) { | 56 edp = cinfo->content.envelopedData; |
61 case SEC_OID_PKCS7_ENVELOPED_DATA: | 57 if (edp != NULL) { |
62 » { | 58 recipientinfos = edp->recipientInfos; |
63 » SEC_PKCS7EnvelopedData *edp; | 59 } |
64 | 60 } break; |
65 » edp = cinfo->content.envelopedData; | 61 case SEC_OID_PKCS7_SIGNED_DATA: { |
66 » if (edp != NULL) { | 62 SEC_PKCS7SignedData *sdp; |
67 » » recipientinfos = edp->recipientInfos; | 63 |
68 » } | 64 sdp = cinfo->content.signedData; |
69 » } | 65 if (sdp != NULL) { |
70 » break; | 66 certs = sdp->certs; |
71 case SEC_OID_PKCS7_SIGNED_DATA: | 67 certlists = sdp->certLists; |
72 » { | 68 signerinfos = sdp->signerInfos; |
73 » SEC_PKCS7SignedData *sdp; | 69 } |
74 | 70 } break; |
75 » sdp = cinfo->content.signedData; | 71 case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: { |
76 » if (sdp != NULL) { | 72 SEC_PKCS7SignedAndEnvelopedData *saedp; |
77 » » certs = sdp->certs; | 73 |
78 » » certlists = sdp->certLists; | 74 saedp = cinfo->content.signedAndEnvelopedData; |
79 » » signerinfos = sdp->signerInfos; | 75 if (saedp != NULL) { |
80 » } | 76 certs = saedp->certs; |
81 » } | 77 certlists = saedp->certLists; |
82 » break; | 78 recipientinfos = saedp->recipientInfos; |
83 case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: | 79 signerinfos = saedp->signerInfos; |
84 » { | 80 if (saedp->sigKey != NULL) PK11_FreeSymKey(saedp->sigKey); |
85 » SEC_PKCS7SignedAndEnvelopedData *saedp; | 81 } |
86 | 82 } break; |
87 » saedp = cinfo->content.signedAndEnvelopedData; | 83 default: |
88 » if (saedp != NULL) { | 84 /* XXX Anything else that needs to be "manually" freed/destroyed? */ |
89 » » certs = saedp->certs; | 85 break; |
90 » » certlists = saedp->certLists; | 86 } |
91 » » recipientinfos = saedp->recipientInfos; | 87 |
92 » » signerinfos = saedp->signerInfos; | 88 if (certs != NULL) { |
93 » » if (saedp->sigKey != NULL) | 89 CERTCertificate *cert; |
94 » » PK11_FreeSymKey (saedp->sigKey); | 90 |
95 » } | 91 while ((cert = *certs++) != NULL) { |
96 » } | 92 CERT_DestroyCertificate(cert); |
97 » break; | 93 } |
98 default: | 94 } |
99 » /* XXX Anything else that needs to be "manually" freed/destroyed? */ | 95 |
100 » break; | 96 if (certlists != NULL) { |
101 } | 97 CERTCertificateList *certlist; |
102 | 98 |
103 if (certs != NULL) { | 99 while ((certlist = *certlists++) != NULL) { |
104 » CERTCertificate *cert; | 100 CERT_DestroyCertificateList(certlist); |
105 | 101 } |
106 » while ((cert = *certs++) != NULL) { | 102 } |
107 » CERT_DestroyCertificate (cert); | 103 |
108 » } | 104 if (recipientinfos != NULL) { |
109 } | 105 SEC_PKCS7RecipientInfo *ri; |
110 | 106 |
111 if (certlists != NULL) { | 107 while ((ri = *recipientinfos++) != NULL) { |
112 » CERTCertificateList *certlist; | 108 if (ri->cert != NULL) CERT_DestroyCertificate(ri->cert); |
113 | 109 } |
114 » while ((certlist = *certlists++) != NULL) { | 110 } |
115 » CERT_DestroyCertificateList (certlist); | 111 |
116 » } | 112 if (signerinfos != NULL) { |
117 } | 113 SEC_PKCS7SignerInfo *si; |
118 | 114 |
119 if (recipientinfos != NULL) { | 115 while ((si = *signerinfos++) != NULL) { |
120 » SEC_PKCS7RecipientInfo *ri; | 116 if (si->cert != NULL) CERT_DestroyCertificate(si->cert); |
121 | 117 if (si->certList != NULL) CERT_DestroyCertificateList(si->certList); |
122 » while ((ri = *recipientinfos++) != NULL) { | 118 } |
123 » if (ri->cert != NULL) | 119 } |
124 » » CERT_DestroyCertificate (ri->cert); | 120 |
125 » } | 121 if (cinfo->poolp != NULL) { |
126 } | 122 PORT_FreeArena(cinfo->poolp, PR_FALSE); /* XXX clear it? */ |
127 | 123 } |
128 if (signerinfos != NULL) { | 124 } |
129 » SEC_PKCS7SignerInfo *si; | |
130 | |
131 » while ((si = *signerinfos++) != NULL) { | |
132 » if (si->cert != NULL) | |
133 » » CERT_DestroyCertificate (si->cert); | |
134 » if (si->certList != NULL) | |
135 » » CERT_DestroyCertificateList (si->certList); | |
136 » } | |
137 } | |
138 | |
139 if (cinfo->poolp != NULL) { | |
140 » PORT_FreeArena (cinfo->poolp, PR_FALSE);» /* XXX clear it? */ | |
141 } | |
142 } | |
143 | |
144 | 125 |
145 /* | 126 /* |
146 * Return a copy of the given contentInfo. The copy may be virtual | 127 * Return a copy of the given contentInfo. The copy may be virtual |
147 * or may be real -- either way, the result needs to be passed to | 128 * or may be real -- either way, the result needs to be passed to |
148 * SEC_PKCS7DestroyContentInfo later (as does the original). | 129 * SEC_PKCS7DestroyContentInfo later (as does the original). |
149 */ | 130 */ |
150 SEC_PKCS7ContentInfo * | 131 SEC_PKCS7ContentInfo *SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *cinfo) { |
151 SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *cinfo) | 132 if (cinfo == NULL) return NULL; |
152 { | 133 |
153 if (cinfo == NULL) | 134 PORT_Assert(cinfo->refCount > 0); |
154 » return NULL; | 135 |
155 | 136 if (cinfo->created) { |
156 PORT_Assert (cinfo->refCount > 0); | 137 /* |
157 | 138 * Want to do a real copy of these; otherwise subsequent |
158 if (cinfo->created) { | 139 * changes made to either copy are likely to be a surprise. |
159 » /* | 140 * XXX I suspect that this will not actually be called for yet, |
160 » * Want to do a real copy of these; otherwise subsequent | 141 * which is why the assert, so to notice if it is... |
161 » * changes made to either copy are likely to be a surprise. | 142 */ |
162 » * XXX I suspect that this will not actually be called for yet, | 143 PORT_Assert(0); |
163 » * which is why the assert, so to notice if it is... | 144 /* |
164 » */ | 145 * XXX Create a new pool here, and copy everything from |
165 » PORT_Assert (0); | 146 * within. For cert stuff, need to call the appropriate |
166 » /* | 147 * copy functions, etc. |
167 » * XXX Create a new pool here, and copy everything from | 148 */ |
168 » * within. For cert stuff, need to call the appropriate | 149 } |
169 » * copy functions, etc. | 150 |
170 » */ | 151 cinfo->refCount++; |
171 } | 152 return cinfo; |
172 | 153 } |
173 cinfo->refCount++; | |
174 return cinfo; | |
175 } | |
176 | |
177 | 154 |
178 /* | 155 /* |
179 * Return a pointer to the actual content. In the case of those types | 156 * Return a pointer to the actual content. In the case of those types |
180 * which are encrypted, this returns the *plain* content. | 157 * which are encrypted, this returns the *plain* content. |
181 * XXX Needs revisiting if/when we handle nested encrypted types. | 158 * XXX Needs revisiting if/when we handle nested encrypted types. |
182 */ | 159 */ |
183 SECItem * | 160 SECItem *SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo) { |
184 SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo) | 161 SECOidTag kind; |
185 { | 162 |
186 SECOidTag kind; | 163 kind = SEC_PKCS7ContentType(cinfo); |
187 | 164 switch (kind) { |
188 kind = SEC_PKCS7ContentType (cinfo); | 165 case SEC_OID_PKCS7_DATA: |
189 switch (kind) { | 166 return cinfo->content.data; |
190 case SEC_OID_PKCS7_DATA: | 167 case SEC_OID_PKCS7_DIGESTED_DATA: { |
191 » return cinfo->content.data; | 168 SEC_PKCS7DigestedData *digd; |
192 case SEC_OID_PKCS7_DIGESTED_DATA: | 169 |
193 » { | 170 digd = cinfo->content.digestedData; |
194 » SEC_PKCS7DigestedData *digd; | 171 if (digd == NULL) break; |
195 | 172 return SEC_PKCS7GetContent(&(digd->contentInfo)); |
196 » digd = cinfo->content.digestedData; | 173 } |
197 » if (digd == NULL) | 174 case SEC_OID_PKCS7_ENCRYPTED_DATA: { |
198 » » break; | 175 SEC_PKCS7EncryptedData *encd; |
199 » return SEC_PKCS7GetContent (&(digd->contentInfo)); | 176 |
200 » } | 177 encd = cinfo->content.encryptedData; |
201 case SEC_OID_PKCS7_ENCRYPTED_DATA: | 178 if (encd == NULL) break; |
202 » { | 179 return &(encd->encContentInfo.plainContent); |
203 » SEC_PKCS7EncryptedData *encd; | 180 } |
204 | 181 case SEC_OID_PKCS7_ENVELOPED_DATA: { |
205 » encd = cinfo->content.encryptedData; | 182 SEC_PKCS7EnvelopedData *envd; |
206 » if (encd == NULL) | 183 |
207 » » break; | 184 envd = cinfo->content.envelopedData; |
208 » return &(encd->encContentInfo.plainContent); | 185 if (envd == NULL) break; |
209 » } | 186 return &(envd->encContentInfo.plainContent); |
210 case SEC_OID_PKCS7_ENVELOPED_DATA: | 187 } |
211 » { | 188 case SEC_OID_PKCS7_SIGNED_DATA: { |
212 » SEC_PKCS7EnvelopedData *envd; | 189 SEC_PKCS7SignedData *sigd; |
213 | 190 |
214 » envd = cinfo->content.envelopedData; | 191 sigd = cinfo->content.signedData; |
215 » if (envd == NULL) | 192 if (sigd == NULL) break; |
216 » » break; | 193 return SEC_PKCS7GetContent(&(sigd->contentInfo)); |
217 » return &(envd->encContentInfo.plainContent); | 194 } |
218 » } | 195 case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: { |
219 case SEC_OID_PKCS7_SIGNED_DATA: | 196 SEC_PKCS7SignedAndEnvelopedData *saed; |
220 » { | 197 |
221 » SEC_PKCS7SignedData *sigd; | 198 saed = cinfo->content.signedAndEnvelopedData; |
222 | 199 if (saed == NULL) break; |
223 » sigd = cinfo->content.signedData; | 200 return &(saed->encContentInfo.plainContent); |
224 » if (sigd == NULL) | 201 } |
225 » » break; | 202 default: |
226 » return SEC_PKCS7GetContent (&(sigd->contentInfo)); | 203 PORT_Assert(0); |
227 » } | 204 break; |
228 case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: | 205 } |
229 » { | 206 |
230 » SEC_PKCS7SignedAndEnvelopedData *saed; | 207 return NULL; |
231 | 208 } |
232 » saed = cinfo->content.signedAndEnvelopedData; | |
233 » if (saed == NULL) | |
234 » » break; | |
235 » return &(saed->encContentInfo.plainContent); | |
236 » } | |
237 default: | |
238 » PORT_Assert(0); | |
239 » break; | |
240 } | |
241 | |
242 return NULL; | |
243 } | |
244 | |
245 | 209 |
246 /* | 210 /* |
247 * XXX Fix the placement and formatting of the | 211 * XXX Fix the placement and formatting of the |
248 * following routines (i.e. make them consistent with the rest of | 212 * following routines (i.e. make them consistent with the rest of |
249 * the pkcs7 code -- I think some/many belong in other files and | 213 * the pkcs7 code -- I think some/many belong in other files and |
250 * they all need a formatting/style rehaul) | 214 * they all need a formatting/style rehaul) |
251 */ | 215 */ |
252 | 216 |
253 /* retrieve the algorithm identifier for encrypted data. | 217 /* retrieve the algorithm identifier for encrypted data. |
254 * the identifier returned is a copy of the algorithm identifier | 218 * the identifier returned is a copy of the algorithm identifier |
255 * in the content info and needs to be freed after being used. | 219 * in the content info and needs to be freed after being used. |
256 * | 220 * |
257 * cinfo is the content info for which to retrieve the | 221 * cinfo is the content info for which to retrieve the |
258 * encryption algorithm. | 222 * encryption algorithm. |
259 * | 223 * |
260 * if the content info is not encrypted data or an error | 224 * if the content info is not encrypted data or an error |
261 * occurs NULL is returned. | 225 * occurs NULL is returned. |
262 */ | 226 */ |
263 SECAlgorithmID * | 227 SECAlgorithmID *SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo) { |
264 SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo) | |
265 { | |
266 SECAlgorithmID *alg = 0; | 228 SECAlgorithmID *alg = 0; |
267 switch (SEC_PKCS7ContentType(cinfo)) | 229 switch (SEC_PKCS7ContentType(cinfo)) { |
268 { | |
269 case SEC_OID_PKCS7_ENCRYPTED_DATA: | 230 case SEC_OID_PKCS7_ENCRYPTED_DATA: |
270 alg = &cinfo->content.encryptedData->encContentInfo.contentEncAlg; | 231 alg = &cinfo->content.encryptedData->encContentInfo.contentEncAlg; |
271 break; | 232 break; |
272 case SEC_OID_PKCS7_ENVELOPED_DATA: | 233 case SEC_OID_PKCS7_ENVELOPED_DATA: |
273 alg = &cinfo->content.envelopedData->encContentInfo.contentEncAlg; | 234 alg = &cinfo->content.envelopedData->encContentInfo.contentEncAlg; |
274 break; | 235 break; |
275 case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: | 236 case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: |
276 alg = &cinfo->content.signedAndEnvelopedData | 237 alg = |
277 » ->encContentInfo.contentEncAlg; | 238 &cinfo->content.signedAndEnvelopedData->encContentInfo.contentEncAlg; |
278 break; | 239 break; |
279 default: | 240 default: |
280 alg = 0; | 241 alg = 0; |
281 break; | 242 break; |
282 } | 243 } |
283 | 244 |
284 return alg; | 245 return alg; |
285 } | 246 } |
286 | 247 |
287 /* set the content of the content info. For data content infos, | 248 /* set the content of the content info. For data content infos, |
288 * the data is set. For encrytped content infos, the plainContent | 249 * the data is set. For encrytped content infos, the plainContent |
289 * is set, and is expected to be encrypted later. | 250 * is set, and is expected to be encrypted later. |
290 * | 251 * |
291 * cinfo is the content info where the data will be set | 252 * cinfo is the content info where the data will be set |
292 * | 253 * |
293 * buf is a buffer of the data to set | 254 * buf is a buffer of the data to set |
294 * | 255 * |
295 * len is the length of the data being set. | 256 * len is the length of the data being set. |
296 * | 257 * |
297 * in the event of an error, SECFailure is returned. SECSuccess | 258 * in the event of an error, SECFailure is returned. SECSuccess |
298 * indicates the content was successfully set. | 259 * indicates the content was successfully set. |
299 */ | 260 */ |
300 SECStatus | 261 SECStatus SEC_PKCS7SetContent(SEC_PKCS7ContentInfo *cinfo, const char *buf, |
301 SEC_PKCS7SetContent(SEC_PKCS7ContentInfo *cinfo, | 262 unsigned long len) { |
302 » » const char *buf,· | 263 SECOidTag cinfo_type; |
303 » » unsigned long len) | 264 SECStatus rv; |
304 { | 265 SECItem content; |
305 SECOidTag cinfo_type; | 266 SECOidData *contentTypeTag = NULL; |
306 SECStatus rv; | 267 |
307 SECItem content; | 268 content.type = siBuffer; |
308 SECOidData *contentTypeTag = NULL; | 269 content.data = (unsigned char *)buf; |
309 | 270 content.len = len; |
310 content.type = siBuffer; | 271 |
311 content.data = (unsigned char *)buf; | 272 cinfo_type = SEC_PKCS7ContentType(cinfo); |
312 content.len = len; | 273 |
313 | 274 /* set inner content */ |
314 cinfo_type = SEC_PKCS7ContentType(cinfo); | 275 switch (cinfo_type) { |
315 | 276 case SEC_OID_PKCS7_SIGNED_DATA: |
316 /* set inner content */ | 277 if (content.len > 0) { |
317 switch(cinfo_type) | 278 /* we "leak" the old content here, but as it's all in the pool */ |
318 { | 279 /* it does not really matter */ |
319 » case SEC_OID_PKCS7_SIGNED_DATA: | 280 |
320 » if(content.len > 0) { | 281 /* create content item if necessary */ |
321 » » /* we "leak" the old content here, but as it's all in the pool *
/ | 282 if (cinfo->content.signedData->contentInfo.content.data == NULL) |
322 » » /* it does not really matter */ | 283 cinfo->content.signedData->contentInfo.content.data = |
323 | 284 SECITEM_AllocItem(cinfo->poolp, NULL, 0); |
324 » » /* create content item if necessary */ | 285 rv = SECITEM_CopyItem( |
325 » » if (cinfo->content.signedData->contentInfo.content.data == NULL) | 286 cinfo->poolp, cinfo->content.signedData->contentInfo.content.data, |
326 » » cinfo->content.signedData->contentInfo.content.data = SECITE
M_AllocItem(cinfo->poolp, NULL, 0); | 287 &content); |
327 » » rv = SECITEM_CopyItem(cinfo->poolp, | 288 } else { |
328 » » » cinfo->content.signedData->contentInfo.content.data, | 289 cinfo->content.signedData->contentInfo.content.data->data = NULL; |
329 » » » &content); | 290 cinfo->content.signedData->contentInfo.content.data->len = 0; |
330 » } else { | 291 rv = SECSuccess; |
331 » » cinfo->content.signedData->contentInfo.content.data->data = NULL
; | 292 } |
332 » » cinfo->content.signedData->contentInfo.content.data->len = 0; | 293 if (rv == SECFailure) goto loser; |
333 » » rv = SECSuccess; | 294 |
334 » } | 295 break; |
335 » if(rv == SECFailure) | 296 case SEC_OID_PKCS7_ENCRYPTED_DATA: |
336 » » goto loser; | 297 /* XXX this forces the inner content type to be "data" */ |
337 »··········· | 298 /* do we really want to override without asking or reason? */ |
338 » break; | 299 contentTypeTag = SECOID_FindOIDByTag(SEC_OID_PKCS7_DATA); |
339 » case SEC_OID_PKCS7_ENCRYPTED_DATA: | 300 if (contentTypeTag == NULL) goto loser; |
340 » /* XXX this forces the inner content type to be "data" */ | 301 rv = SECITEM_CopyItem( |
341 » /* do we really want to override without asking or reason? */ | 302 cinfo->poolp, |
342 » contentTypeTag = SECOID_FindOIDByTag(SEC_OID_PKCS7_DATA); | 303 &(cinfo->content.encryptedData->encContentInfo.contentType), |
343 » if(contentTypeTag == NULL) | 304 &(contentTypeTag->oid)); |
344 » » goto loser; | 305 if (rv == SECFailure) goto loser; |
345 » rv = SECITEM_CopyItem(cinfo->poolp,· | 306 if (content.len > 0) { |
346 » » &(cinfo->content.encryptedData->encContentInfo.contentType), | 307 rv = SECITEM_CopyItem( |
347 » » &(contentTypeTag->oid)); | 308 cinfo->poolp, |
348 » if(rv == SECFailure) | 309 &(cinfo->content.encryptedData->encContentInfo.plainContent), |
349 » » goto loser; | 310 &content); |
350 » if(content.len > 0) { | 311 } else { |
351 » » rv = SECITEM_CopyItem(cinfo->poolp,· | 312 cinfo->content.encryptedData->encContentInfo.plainContent.data = NULL; |
352 » » » &(cinfo->content.encryptedData->encContentInfo.plainCont
ent), | 313 cinfo->content.encryptedData->encContentInfo.encContent.data = NULL; |
353 » » » &content); | 314 cinfo->content.encryptedData->encContentInfo.plainContent.len = 0; |
354 » } else { | 315 cinfo->content.encryptedData->encContentInfo.encContent.len = 0; |
355 » » cinfo->content.encryptedData->encContentInfo.plainContent.data =
NULL; | 316 rv = SECSuccess; |
356 » » cinfo->content.encryptedData->encContentInfo.encContent.data = N
ULL; | 317 } |
357 » » cinfo->content.encryptedData->encContentInfo.plainContent.len =
0; | 318 if (rv == SECFailure) goto loser; |
358 » » cinfo->content.encryptedData->encContentInfo.encContent.len = 0; | 319 break; |
359 » » rv = SECSuccess; | 320 case SEC_OID_PKCS7_DATA: |
360 » } | 321 cinfo->content.data = |
361 » if(rv == SECFailure) | 322 (SECItem *)PORT_ArenaZAlloc(cinfo->poolp, sizeof(SECItem)); |
362 » » goto loser; | 323 if (cinfo->content.data == NULL) goto loser; |
363 » break; | 324 if (content.len > 0) { |
364 » case SEC_OID_PKCS7_DATA: | 325 rv = SECITEM_CopyItem(cinfo->poolp, cinfo->content.data, &content); |
365 » cinfo->content.data = (SECItem *)PORT_ArenaZAlloc(cinfo->poolp, | 326 } else { |
366 » » sizeof(SECItem)); | 327 /* handle case with NULL content */ |
367 » if(cinfo->content.data == NULL) | 328 rv = SECSuccess; |
368 » » goto loser; | 329 } |
369 » if(content.len > 0) { | 330 if (rv == SECFailure) goto loser; |
370 » » rv = SECITEM_CopyItem(cinfo->poolp, | 331 break; |
371 » » » cinfo->content.data, &content); | 332 default: |
372 » } else { | 333 goto loser; |
373 » » /* handle case with NULL content */ | 334 } |
374 » » rv = SECSuccess; | 335 |
375 » } | 336 return SECSuccess; |
376 » if(rv == SECFailure) | |
377 » » goto loser; | |
378 » break; | |
379 » default: | |
380 » goto loser; | |
381 } | |
382 | |
383 return SECSuccess; | |
384 | 337 |
385 loser: | 338 loser: |
386 » | 339 |
387 return SECFailure; | 340 return SECFailure; |
388 } | 341 } |
389 | 342 |
390 /* the content of an encrypted data content info is encrypted. | 343 /* the content of an encrypted data content info is encrypted. |
391 * it is assumed that for encrypted data, that the data has already | 344 * it is assumed that for encrypted data, that the data has already |
392 * been set and is in the "plainContent" field of the content info. | 345 * been set and is in the "plainContent" field of the content info. |
393 * | 346 * |
394 * cinfo is the content info to encrypt | 347 * cinfo is the content info to encrypt |
395 * | 348 * |
396 * key is the key with which to perform the encryption. if the | 349 * key is the key with which to perform the encryption. if the |
397 * algorithm is a password based encryption algorithm, the | 350 * algorithm is a password based encryption algorithm, the |
398 * key is actually a password which will be processed per | 351 * key is actually a password which will be processed per |
399 * PKCS #5. | 352 * PKCS #5. |
400 * | 353 * |
401 * in the event of an error, SECFailure is returned. SECSuccess | 354 * in the event of an error, SECFailure is returned. SECSuccess |
402 * indicates a success. | 355 * indicates a success. |
403 */ | 356 */ |
404 SECStatus | 357 SECStatus SEC_PKCS7EncryptContents(PLArenaPool *poolp, |
405 SEC_PKCS7EncryptContents(PLArenaPool *poolp, | 358 SEC_PKCS7ContentInfo *cinfo, SECItem *key, |
406 » » » SEC_PKCS7ContentInfo *cinfo, | 359 void *wincx) { |
407 » » » SECItem *key, | 360 SECAlgorithmID *algid = NULL; |
408 » » » void *wincx) | 361 SECItem *result = NULL; |
409 { | 362 SECItem *src; |
410 SECAlgorithmID *algid » = NULL; | 363 SECItem *dest; |
411 SECItem * result » = NULL; | 364 SECItem *blocked_data = NULL; |
412 SECItem * src; | 365 void *mark; |
413 SECItem * dest; | 366 void *cx; |
414 SECItem * blocked_data = NULL; | 367 PK11SymKey *eKey = NULL; |
415 void * mark; | 368 PK11SlotInfo *slot = NULL; |
416 void * cx; | 369 |
417 PK11SymKey * eKey » = NULL; | 370 CK_MECHANISM_TYPE cryptoMechType; |
418 PK11SlotInfo * slot » = NULL; | 371 int bs; |
419 | 372 SECStatus rv = SECFailure; |
420 CK_MECHANISM_TYPE cryptoMechType; | 373 SECItem *c_param = NULL; |
421 int bs; | 374 |
422 SECStatus rv »» = SECFailure; | 375 if ((cinfo == NULL) || (key == NULL)) return SECFailure; |
423 SECItem *c_param = NULL; | 376 |
424 | 377 if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA) |
425 if((cinfo == NULL) || (key == NULL)) | 378 return SECFailure; |
426 » return SECFailure; | 379 |
427 | 380 algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo); |
428 if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA) | 381 if (algid == NULL) return SECFailure; |
429 » return SECFailure; | 382 |
430 | 383 if (poolp == NULL) poolp = cinfo->poolp; |
431 algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);»···· | 384 |
432 if(algid == NULL) | 385 mark = PORT_ArenaMark(poolp); |
433 » return SECFailure; | 386 |
434 | 387 src = &cinfo->content.encryptedData->encContentInfo.plainContent; |
435 if(poolp == NULL) | 388 dest = &cinfo->content.encryptedData->encContentInfo.encContent; |
436 » poolp = cinfo->poolp; | 389 dest->data = (unsigned char *)PORT_ArenaZAlloc(poolp, (src->len + 64)); |
437 | 390 dest->len = (src->len + 64); |
438 mark = PORT_ArenaMark(poolp); | 391 if (dest->data == NULL) { |
439 ···· | 392 rv = SECFailure; |
440 src = &cinfo->content.encryptedData->encContentInfo.plainContent; | 393 goto loser; |
441 dest = &cinfo->content.encryptedData->encContentInfo.encContent; | 394 } |
442 dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64)); | 395 |
443 dest->len = (src->len + 64); | 396 slot = PK11_GetInternalKeySlot(); |
444 if(dest->data == NULL) { | 397 if (slot == NULL) { |
445 » rv = SECFailure; | 398 rv = SECFailure; |
446 » goto loser; | 399 goto loser; |
447 } | 400 } |
448 | 401 |
449 slot = PK11_GetInternalKeySlot(); | 402 eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx); |
450 if(slot == NULL) { | 403 if (eKey == NULL) { |
451 » rv = SECFailure; | 404 rv = SECFailure; |
452 » goto loser; | 405 goto loser; |
453 } | 406 } |
454 | 407 |
455 eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx); | 408 cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key); |
456 if(eKey == NULL) { | 409 if (cryptoMechType == CKM_INVALID_MECHANISM) { |
457 » rv = SECFailure; | 410 rv = SECFailure; |
458 » goto loser; | 411 goto loser; |
459 } | 412 } |
460 ···· | 413 |
461 cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key); | 414 /* block according to PKCS 8 */ |
462 if (cryptoMechType == CKM_INVALID_MECHANISM) { | 415 bs = PK11_GetBlockSize(cryptoMechType, c_param); |
463 » rv = SECFailure; | 416 rv = SECSuccess; |
464 » goto loser; | 417 if (bs) { |
465 } | 418 char pad_char; |
466 | 419 pad_char = (char)(bs - (src->len % bs)); |
467 /* block according to PKCS 8 */ | 420 if (src->len % bs) { |
468 bs = PK11_GetBlockSize(cryptoMechType, c_param); | 421 rv = SECSuccess; |
469 rv = SECSuccess; | 422 blocked_data = PK11_BlockData(src, bs); |
470 if(bs) { | 423 if (blocked_data) { |
471 » char pad_char; | 424 PORT_Memset((blocked_data->data + blocked_data->len - (int)pad_char), |
472 » pad_char = (char)(bs - (src->len % bs)); | 425 pad_char, (int)pad_char); |
473 » if(src->len % bs) { | 426 } else { |
474 » rv = SECSuccess; | 427 rv = SECFailure; |
475 » blocked_data = PK11_BlockData(src, bs); | 428 goto loser; |
476 » if(blocked_data) { | 429 } |
477 » » PORT_Memset((blocked_data->data + blocked_data->len | |
478 » » » - (int)pad_char),· | |
479 » » » pad_char, (int)pad_char); | |
480 » } else { | |
481 » » rv = SECFailure; | |
482 » » goto loser; | |
483 » } | |
484 » } else { | |
485 » blocked_data = SECITEM_DupItem(src); | |
486 » if(blocked_data) { | |
487 » » blocked_data->data = (unsigned char*)PORT_Realloc( | |
488 » » » » » » blocked_data->data, | |
489 » » » » » » blocked_data->len + bs); | |
490 » » if(blocked_data->data) { | |
491 » » blocked_data->len += bs; | |
492 » » PORT_Memset((blocked_data->data + src->len), (char)bs, bs); | |
493 » » } else { | |
494 » » rv = SECFailure; | |
495 » » goto loser; | |
496 » » } | |
497 » } else { | |
498 » » rv = SECFailure; | |
499 » » goto loser; | |
500 » } | |
501 » } | |
502 } else { | 430 } else { |
503 » blocked_data = SECITEM_DupItem(src); | 431 blocked_data = SECITEM_DupItem(src); |
504 » if(!blocked_data) { | 432 if (blocked_data) { |
505 » rv = SECFailure; | 433 blocked_data->data = (unsigned char *)PORT_Realloc( |
506 » goto loser; | 434 blocked_data->data, blocked_data->len + bs); |
507 » } | 435 if (blocked_data->data) { |
508 } | 436 blocked_data->len += bs; |
509 | 437 PORT_Memset((blocked_data->data + src->len), (char)bs, bs); |
510 cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT, | 438 } else { |
511 » » » » eKey, c_param); | 439 rv = SECFailure; |
512 if(cx == NULL) { | 440 goto loser; |
513 » rv = SECFailure; | 441 } |
514 » goto loser; | 442 } else { |
515 } | 443 rv = SECFailure; |
516 | 444 goto loser; |
517 rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len),· | 445 } |
518 » » (int)(src->len + 64), blocked_data->data,· | 446 } |
519 » » (int)blocked_data->len); | 447 } else { |
520 PK11_DestroyContext((PK11Context*)cx, PR_TRUE); | 448 blocked_data = SECITEM_DupItem(src); |
| 449 if (!blocked_data) { |
| 450 rv = SECFailure; |
| 451 goto loser; |
| 452 } |
| 453 } |
| 454 |
| 455 cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT, eKey, c_param); |
| 456 if (cx == NULL) { |
| 457 rv = SECFailure; |
| 458 goto loser; |
| 459 } |
| 460 |
| 461 rv = PK11_CipherOp((PK11Context *)cx, dest->data, (int *)(&dest->len), |
| 462 (int)(src->len + 64), blocked_data->data, |
| 463 (int)blocked_data->len); |
| 464 PK11_DestroyContext((PK11Context *)cx, PR_TRUE); |
521 | 465 |
522 loser: | 466 loser: |
523 /* let success fall through */ | 467 /* let success fall through */ |
524 if(blocked_data != NULL) | 468 if (blocked_data != NULL) SECITEM_ZfreeItem(blocked_data, PR_TRUE); |
525 » SECITEM_ZfreeItem(blocked_data, PR_TRUE); | 469 |
526 | 470 if (result != NULL) SECITEM_ZfreeItem(result, PR_TRUE); |
527 if(result != NULL) | 471 |
528 » SECITEM_ZfreeItem(result, PR_TRUE); | 472 if (rv == SECFailure) |
529 | 473 PORT_ArenaRelease(poolp, mark); |
530 if(rv == SECFailure) | 474 else |
531 » PORT_ArenaRelease(poolp, mark); | 475 PORT_ArenaUnmark(poolp, mark); |
532 else· | 476 |
533 » PORT_ArenaUnmark(poolp, mark); | 477 if (eKey != NULL) PK11_FreeSymKey(eKey); |
534 | 478 |
535 if(eKey != NULL) | 479 if (slot != NULL) PK11_FreeSlot(slot); |
536 » PK11_FreeSymKey(eKey); | 480 |
537 | 481 if (c_param != NULL) SECITEM_ZfreeItem(c_param, PR_TRUE); |
538 if(slot != NULL) | 482 |
539 » PK11_FreeSlot(slot); | 483 return rv; |
540 | |
541 if(c_param != NULL) | |
542 » SECITEM_ZfreeItem(c_param, PR_TRUE); | |
543 »······· | |
544 return rv; | |
545 } | 484 } |
546 | 485 |
547 /* the content of an encrypted data content info is decrypted. | 486 /* the content of an encrypted data content info is decrypted. |
548 * it is assumed that for encrypted data, that the data has already | 487 * it is assumed that for encrypted data, that the data has already |
549 * been set and is in the "encContent" field of the content info. | 488 * been set and is in the "encContent" field of the content info. |
550 * | 489 * |
551 * cinfo is the content info to decrypt | 490 * cinfo is the content info to decrypt |
552 * | 491 * |
553 * key is the key with which to perform the decryption. if the | 492 * key is the key with which to perform the decryption. if the |
554 * algorithm is a password based encryption algorithm, the | 493 * algorithm is a password based encryption algorithm, the |
555 * key is actually a password which will be processed per | 494 * key is actually a password which will be processed per |
556 * PKCS #5. | 495 * PKCS #5. |
557 * | 496 * |
558 * in the event of an error, SECFailure is returned. SECSuccess | 497 * in the event of an error, SECFailure is returned. SECSuccess |
559 * indicates a success. | 498 * indicates a success. |
560 */ | 499 */ |
561 SECStatus | 500 SECStatus SEC_PKCS7DecryptContents(PLArenaPool *poolp, |
562 SEC_PKCS7DecryptContents(PLArenaPool *poolp, | 501 SEC_PKCS7ContentInfo *cinfo, SECItem *key, |
563 » » » SEC_PKCS7ContentInfo *cinfo, | 502 void *wincx) { |
564 » » » SECItem *key, | 503 SECAlgorithmID *algid = NULL; |
565 » » » void *wincx) | 504 SECStatus rv = SECFailure; |
566 { | 505 SECItem *result = NULL, *dest, *src; |
567 SECAlgorithmID *algid = NULL; | 506 void *mark; |
568 SECStatus rv = SECFailure; | 507 |
569 SECItem *result = NULL, *dest, *src; | 508 PK11SymKey *eKey = NULL; |
570 void *mark; | 509 PK11SlotInfo *slot = NULL; |
571 | 510 CK_MECHANISM_TYPE cryptoMechType; |
572 PK11SymKey *eKey = NULL; | 511 void *cx; |
573 PK11SlotInfo *slot = NULL; | 512 SECItem *c_param = NULL; |
574 CK_MECHANISM_TYPE cryptoMechType; | 513 int bs; |
575 void *cx; | 514 |
576 SECItem *c_param = NULL; | 515 if ((cinfo == NULL) || (key == NULL)) return SECFailure; |
577 int bs; | 516 |
578 | 517 if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA) |
579 if((cinfo == NULL) || (key == NULL)) | 518 return SECFailure; |
580 » return SECFailure; | 519 |
581 | 520 algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo); |
582 if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA) | 521 if (algid == NULL) return SECFailure; |
583 » return SECFailure; | 522 |
584 | 523 if (poolp == NULL) poolp = cinfo->poolp; |
585 algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);»···· | 524 |
586 if(algid == NULL) | 525 mark = PORT_ArenaMark(poolp); |
587 » return SECFailure; | 526 |
588 | 527 src = &cinfo->content.encryptedData->encContentInfo.encContent; |
589 if(poolp == NULL) | 528 dest = &cinfo->content.encryptedData->encContentInfo.plainContent; |
590 » poolp = cinfo->poolp; | 529 dest->data = (unsigned char *)PORT_ArenaZAlloc(poolp, (src->len + 64)); |
591 | 530 dest->len = (src->len + 64); |
592 mark = PORT_ArenaMark(poolp); | 531 if (dest->data == NULL) { |
593 ···· | 532 rv = SECFailure; |
594 src = &cinfo->content.encryptedData->encContentInfo.encContent; | 533 goto loser; |
595 dest = &cinfo->content.encryptedData->encContentInfo.plainContent; | 534 } |
596 dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64)); | 535 |
597 dest->len = (src->len + 64); | 536 slot = PK11_GetInternalKeySlot(); |
598 if(dest->data == NULL) { | 537 if (slot == NULL) { |
599 » rv = SECFailure; | 538 rv = SECFailure; |
600 » goto loser; | 539 goto loser; |
601 } | 540 } |
602 | 541 |
603 slot = PK11_GetInternalKeySlot(); | 542 eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx); |
604 if(slot == NULL) { | 543 if (eKey == NULL) { |
605 » rv = SECFailure; | 544 rv = SECFailure; |
606 » goto loser; | 545 goto loser; |
607 } | 546 } |
608 | 547 |
609 eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx); | 548 cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key); |
610 if(eKey == NULL) { | 549 if (cryptoMechType == CKM_INVALID_MECHANISM) { |
611 » rv = SECFailure; | 550 rv = SECFailure; |
612 » goto loser; | 551 goto loser; |
613 } | 552 } |
614 ···· | 553 |
615 cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key); | 554 cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT, eKey, c_param); |
616 if (cryptoMechType == CKM_INVALID_MECHANISM) { | 555 if (cx == NULL) { |
617 » rv = SECFailure; | 556 rv = SECFailure; |
618 » goto loser; | 557 goto loser; |
619 } | 558 } |
620 | 559 |
621 cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT, | 560 rv = PK11_CipherOp((PK11Context *)cx, dest->data, (int *)(&dest->len), |
622 » » » » eKey, c_param); | 561 (int)(src->len + 64), src->data, (int)src->len); |
623 if(cx == NULL) { | 562 PK11_DestroyContext((PK11Context *)cx, PR_TRUE); |
624 » rv = SECFailure; | 563 |
625 » goto loser; | 564 bs = PK11_GetBlockSize(cryptoMechType, c_param); |
626 } | 565 if (bs) { |
627 | 566 /* check for proper badding in block algorithms. this assumes |
628 rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len),· | 567 * RC2 cbc or a DES cbc variant. and the padding is thus defined |
629 » » (int)(src->len + 64), src->data, (int)src->len); | 568 */ |
630 PK11_DestroyContext((PK11Context *)cx, PR_TRUE); | 569 if (((int)dest->data[dest->len - 1] <= bs) && |
631 | 570 ((int)dest->data[dest->len - 1] > 0)) { |
632 bs = PK11_GetBlockSize(cryptoMechType, c_param); | 571 dest->len -= (int)dest->data[dest->len - 1]; |
633 if(bs) { | 572 } else { |
634 » /* check for proper badding in block algorithms. this assumes | 573 rv = SECFailure; |
635 » * RC2 cbc or a DES cbc variant. and the padding is thus defined | 574 /* set an error ? */ |
636 » */ | 575 } |
637 » if(((int)dest->data[dest->len-1] <= bs) &&· | 576 } |
638 » ((int)dest->data[dest->len-1] > 0)) { | |
639 » dest->len -= (int)dest->data[dest->len-1]; | |
640 » } else { | |
641 » rv = SECFailure; | |
642 » /* set an error ? */ | |
643 » } | |
644 }· | |
645 | 577 |
646 loser: | 578 loser: |
647 /* let success fall through */ | 579 /* let success fall through */ |
648 if(result != NULL) | 580 if (result != NULL) SECITEM_ZfreeItem(result, PR_TRUE); |
649 » SECITEM_ZfreeItem(result, PR_TRUE); | 581 |
650 | 582 if (rv == SECFailure) |
651 if(rv == SECFailure) | 583 PORT_ArenaRelease(poolp, mark); |
652 » PORT_ArenaRelease(poolp, mark); | 584 else |
653 else | 585 PORT_ArenaUnmark(poolp, mark); |
654 » PORT_ArenaUnmark(poolp, mark); | 586 |
655 | 587 if (eKey != NULL) PK11_FreeSymKey(eKey); |
656 if(eKey != NULL) | 588 |
657 » PK11_FreeSymKey(eKey); | 589 if (slot != NULL) PK11_FreeSlot(slot); |
658 | 590 |
659 if(slot != NULL) | 591 if (c_param != NULL) SECITEM_ZfreeItem(c_param, PR_TRUE); |
660 » PK11_FreeSlot(slot); | 592 |
661 | 593 return rv; |
662 if(c_param != NULL) | 594 } |
663 » SECITEM_ZfreeItem(c_param, PR_TRUE); | 595 |
664 »······· | 596 SECItem **SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo) { |
665 return rv; | 597 switch (SEC_PKCS7ContentType(cinfo)) { |
666 } | 598 case SEC_OID_PKCS7_SIGNED_DATA: |
667 | 599 return cinfo->content.signedData->rawCerts; |
668 SECItem ** | 600 break; |
669 SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo) | 601 default: |
670 { | 602 return NULL; |
671 switch(SEC_PKCS7ContentType(cinfo)) | 603 break; |
672 { | 604 } |
673 » case SEC_OID_PKCS7_SIGNED_DATA: | 605 } |
674 » return cinfo->content.signedData->rawCerts; | 606 |
675 » break; | 607 int SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo) { |
676 » default: | |
677 » return NULL; | |
678 » break; | |
679 } | |
680 } | |
681 | |
682 | |
683 int | |
684 SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo) | |
685 { | |
686 if (cinfo->contentTypeTag->offset == SEC_OID_PKCS7_ENVELOPED_DATA) | 608 if (cinfo->contentTypeTag->offset == SEC_OID_PKCS7_ENVELOPED_DATA) |
687 return cinfo->content.envelopedData->encContentInfo.keysize; | 609 return cinfo->content.envelopedData->encContentInfo.keysize; |
688 else | 610 else |
689 return 0; | 611 return 0; |
690 } | 612 } |
691 | |
OLD | NEW |