From 6e4b531d20635f020046b0665d7da90d3ac62a10 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Wed, 13 Oct 2010 19:41:52 -0400
Subject: [PATCH 053/150] - temporarily disable the disabling of streaming - build messages correctly using generic not-wrapped data support
---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 70 +++++++-----------------
 1 files changed, 20 insertions(+), 50 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 8fcae83..0070fd9 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -55,6 +55,7 @@
 * general-purpose SSL/TLS configuration, even though we're leaning on SSL/TLS
 * trust settings. */
 #define CONFIGDIR "/home/nalin/projects/krb5/pkinit/src/plugins/preauth/pkinit" /* FIXME */
+#define NSS_CMSContentInfo_SetDontStream(a, b) (SECSuccess) /* FIXME */
 #define DEBUG_DER "derdump"
@@ -424,28 +425,6 @@ get_pkinit_data_auth_data_tag(void)
 return oid_pkinit_auth_data.offset;
 }
-struct wrapped_data {
- NSSCMSGenericWrapperData parent;
- SECItem *wrapped_data;
-};
-
-static SEC_ASN1Template
-wrapped_data_template[] = {
- {
- .kind = SEC_ASN1_SEQUENCE,
- .offset = 0,
- .sub = NULL,
- .size = sizeof(struct wrapped_data),
- },
- {
- .kind = SEC_ASN1_ANY | SEC_ASN1_POINTER,
- .offset = offsetof(struct wrapped_data, wrapped_data),
- .sub = &SEC_AnyTemplate,
- .size = sizeof(SECItem *),
- },
- {0, 0, NULL, 0},
-};
-
 static SECOidTag
 get_pkinit_data_rkey_data_tag(void)
 {
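Review bot: The macro added in the first hunk reuses the name of the NSS function `NSS_CMSContentInfo_SetDontStream`, so every call in this file silently becomes the constant `SECSuccess` without evaluating its arguments, and any error check at those call sites (which lie outside this diff) can never fire. A bare `/* FIXME */` gives a later reader no way to tell when the stub is safe to drop. I would put the reason next to it, for example `/* FIXME: temporary no-op that shadows the NSS function of the same name; remove when streaming can be disabled again */`.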
@@ -623,26 +602,19 @@ pkinit_fini_identity_crypto(pkinit_identity_crypto_context id_cryptoctx)
 }
 static SECStatus
-return_success(NSSCMSGenericWrapperData *data)
-{
- return SECSuccess;
-}
-
-static SECStatus
 crypto_register_any(SECOidTag tag)
 {
- static NSSCMSGenericWrapperDataCallback success = return_success;
 if (NSS_CMSType_RegisterContentType(tag,
- wrapped_data_template,
- sizeof(struct wrapped_data),
 NULL,
- &success,
- &success,
- &success,
- &success,
- &success,
- &success,
- PR_FALSE) != SECSuccess) {
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ PR_TRUE) != SECSuccess) {
 return ENOMEM;
 }
 return 0;
@@ -2987,14 +2959,15 @@ cms_contentinfo_create(krb5_context context,
 return ENOMEM;
 }
- plain.data = in_data;
- plain.len = in_length;
 if (NSS_CMSContentInfo_SetContent(msg, info, encapsulated_tag,
- &plain) != SECSuccess) {
+ NULL) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
+ memset(&plain, 0, sizeof(plain));
+ plain.data = in_data;
+ plain.len = in_length;
 memset(&encoded, 0, sizeof(encoded));
 if (NSS_CMSDEREncode(msg, &plain, &encoded, pool) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
@@ -3214,17 +3187,18 @@ cms_envelopeddata_create(krb5_context context,
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
- plain.data = key_pack;
- plain.len = key_pack_len;
 if (NSS_CMSContentInfo_SetContent(msg, info, encapsulated_tag,
- &plain) != SECSuccess) {
+ NULL) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
 /* Encode and export. */
+ memset(&plain, 0, sizeof(plain));
+ plain.data = key_pack;
+ plain.len = key_pack_len;
 memset(&encoded, 0, sizeof(encoded));
- if (NSS_CMSDEREncode(msg, NULL, &encoded, pool) != SECSuccess) {
+ if (NSS_CMSDEREncode(msg, &plain, &encoded, pool) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
 pkiDebug("%s: error encoding enveloped-data\n", __FUNCTION__);
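Review bot: In `crypto_register_any` the rewritten call to `NSS_CMSType_RegisterContentType` passes a `0`, eight `NULL`s and a `PR_TRUE` purely by position, so nothing on the page says which slot is the template, the size, a callback or the final flag, and a later edit can shift one unnoticed. A short comment above the call would fix that, e.g. `/* no ASN.1 template, size 0, no destroy/decode/encode callbacks, isData = PR_TRUE */`. If the last argument does mark the type as opaque data, as it appears to, NSS will not parse the encapsulated content, so the comment should also say that the PKINIT code consuming these types is responsible for validating the payload. Separately, the context lines show the function declared `static SECStatus` while returning `ENOMEM` and `0`, which mixes two error domains.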
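Review bot: In `cms_contentinfo_create`, and again in the `cms_envelopeddata_create` hunk that follows it, the content argument of `NSS_CMSContentInfo_SetContent` is now `NULL` and the payload reaches the message only through the `&plain` input of `NSS_CMSDEREncode`, yet neither place says why the content is no longer attached to the ContentInfo. A one-line comment above each `memset(&plain, 0, sizeof(plain));` would do, for instance `/* The content is not attached to the ContentInfo; it is fed to the encoder as input. */`. It is also worth noting there that `plain` only aliases the caller's buffer (`in_data`, `key_pack`) rather than copying it, so that buffer has to stay valid until the encode call returns. Both function bodies start and end outside their hunks.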
@@ -3451,7 +3425,6 @@ cms_signeddata_create(krb5_context context,
 NSSCMSSignedData *sdata;
 PLArenaPool *pool;
 SECItem plain, encoded;
- struct wrapped_data wrapper;
 SECOidTag digest, encapsulated_tag;
 PRBool add_signed_attributes;
@@ -3540,13 +3513,10 @@ cms_signeddata_create(krb5_context context,
 return ENOMEM;
 }
+ /* Encode and export. */
 memset(&plain, 0, sizeof(plain));
 plain.data = payload;
 plain.len = payload_len;
- memset(&wrapper, 0, sizeof(wrapper));
- wrapper.wrapped_data = &plain;
-
- /* Encode and export. */
 memset(&encoded, 0, sizeof(encoded));
 if (NSS_CMSDEREncode(msg, &plain, &encoded, pool) != SECSuccess) {
 PORT_FreeArena(pool, PR_TRUE);
--
1.7.6.4