From a3d7e8e81678ff528c28e8e6cfbc7bea64ce7996 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 13 Oct 2010 15:44:39 -0400 Subject: [PATCH 052/150] - move turning-off-streaming and setting-signeddata-contents out of shared areas --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 37 +++++++++++++++++++---- 1 files changed, 30 insertions(+), 7 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 279715d..8fcae83 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -3068,13 +3068,6 @@ crypto_signeddata_common_create(krb5_context context, } } - /* Store the signed-data object in the passed-in content-info. */ - if (NSS_CMSContentInfo_SetContent_SignedData(msg, info, - sdata) != SECSuccess) { - pkiDebug("%s: error adding signing time\n", - __FUNCTION__); - return ENOMEM; - } *signed_data = sdata; return 0; } @@ -3185,6 +3178,11 @@ cms_envelopeddata_create(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } + if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) { + pkiDebug("%s: error turning off streaming\n", __FUNCTION__); + PORT_FreeArena(pool, PR_TRUE); + return ENOMEM; + } sdata = NULL; if ((crypto_signeddata_common_create(context, plg_cryptoctx, @@ -3199,6 +3197,11 @@ cms_envelopeddata_create(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } + if (NSS_CMSContentInfo_SetContent_SignedData(msg, info, + sdata) != SECSuccess) { + PORT_FreeArena(pool, PR_TRUE); + return ENOMEM; + } /* Set the raw data as the contents for the signed-data. */ info = NSS_CMSSignedData_GetContentInfo(sdata); @@ -3206,6 +3209,11 @@ cms_envelopeddata_create(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } + if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) { + pkiDebug("%s: error turning off streaming\n", __FUNCTION__); + PORT_FreeArena(pool, PR_TRUE); + return ENOMEM; + } plain.data = key_pack; plain.len = key_pack_len; if (NSS_CMSContentInfo_SetContent(msg, info, encapsulated_tag, @@ -3488,6 +3496,11 @@ cms_signeddata_create(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } + if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) { + pkiDebug("%s: error turning off streaming\n", __FUNCTION__); + PORT_FreeArena(pool, PR_TRUE); + return ENOMEM; + } sdata = NULL; if ((crypto_signeddata_common_create(context, plg_cryptoctx, @@ -3502,6 +3515,11 @@ cms_signeddata_create(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } + if (NSS_CMSContentInfo_SetContent_SignedData(msg, info, + sdata) != SECSuccess) { + PORT_FreeArena(pool, PR_TRUE); + return ENOMEM; + } /* Set the data as the contents of the signed-data. */ info = NSS_CMSSignedData_GetContentInfo(sdata); @@ -3509,6 +3527,11 @@ cms_signeddata_create(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } + if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) { + pkiDebug("%s: error turning off streaming\n", __FUNCTION__); + PORT_FreeArena(pool, PR_TRUE); + return ENOMEM; + } if (NSS_CMSContentInfo_SetContent(msg, info, encapsulated_tag, NULL) != SECSuccess) { pkiDebug("%s: error setting encapsulated content type\n", -- 1.7.6.4