From 107efad9c92b8d1cd6203a1e81327db78f4ea859 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Thu, 2 Dec 2010 15:37:54 -0500
Subject: [PATCH 115/150] - get the server half of anonymous going now

---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 31 ++++++++++++++++++++++-
 1 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 9824185..a2d108e 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -4810,6 +4810,7 @@ cms_signeddata_verify(krb5_context context,
     SECOidTag expected_tag;
     PLArenaPool *pool;
     SECItem *plain, encoded;
+    struct content_info simple_content_info;
     int was_signed, ret;
 
     switch (cms_msg_type) {
@@ -4837,12 +4838,38 @@ cms_signeddata_verify(krb5_context context,
     }
     certdb = CERT_GetDefaultCertDB();
 
-    /* Decode the message. */
 #ifdef DEBUG_DER
     derdump(signed_data, signed_data_len);
 #endif
+
+    memset(&encoded, 0, sizeof(encoded));
     encoded.data = signed_data;
     encoded.len = signed_data_len;
+
+    /* Take a quick look at what it claims to be. */
+    memset(&simple_content_info, 0, sizeof(simple_content_info));
+    if (SEC_ASN1DecodeItem(pool, &simple_content_info,
+                           content_info_template, &encoded) == SECSuccess) {
+        /* If it's unsigned data of the right type... */
+        if (SECOID_FindOIDTag(&simple_content_info.content_type) ==
+            expected_tag) {
+            /* Pull out the payload -- it's not wrapped in a
+             * SignedData. */
+            pkiDebug("%s: data is not signed\n", __FUNCTION__);
+            if (is_signed != NULL) {
+                *is_signed = 0;
+            }
+            if (secitem_to_buf_len(&simple_content_info.content,
+                                   payload,
+                                   payload_len) != 0) {
+                PORT_FreeArena(pool, PR_TRUE);
+                return ENOMEM;
+            }
+            return 0;
+        }
+    }
+
+    /* Decode the message. */
     msg = NSS_CMSMessage_CreateFromDER(&encoded, NULL, NULL, crypto_pwcb,
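Review bot: The unsigned-ContentInfo fast path returns 0 even when the caller passed `is_signed == NULL`, so such a caller receives a success result indistinguishable from a verified SignedData and never learns that no signature was checked; since only callers that opted in through `is_signed` can police this, the path should fail closed for the others, e.g. `if (is_signed == NULL) { PORT_FreeArena(pool, PR_TRUE); return KRB5KDC_ERR_PREAUTH_FAILED; }` placed before the payload copy (or whichever error the rest of cms_signeddata_verify uses for a rejected message). The same branch also appears to leak the arena: the ENOMEM path frees `pool`, but the `return 0;` that follows a successful `secitem_to_buf_len` (which seems to copy the content into `payload`, given that it can fail with ENOMEM) does not, so `PORT_FreeArena(pool, PR_TRUE);` belongs before `return 0;` as well. Because acceptance of unsigned data now rests solely on the outer content-type OID matching `expected_tag`, a comment at the top of the branch such as `/* Unsigned data is only acceptable when the caller checks *is_signed; the anonymous-PKINIT server path relies on this. */` would keep later maintainers from treating the early return as a verified result. The hunk's trailing context after the `NSS_CMSMessage_CreateFromDER` call looks cut off here, and cms_signeddata_verify continues outside this hunk.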
@@ -4853,7 +4880,7 @@ cms_signeddata_verify(krb5_context context,
         return ENOMEM;
     }
 
-    /* Check whether or not it's signed. */
+    /* Double-check that it's signed. */
     info = NSS_CMSMessage_GetContentInfo(msg);
     if (info == NULL) {
         NSS_CMSMessage_Destroy(msg);
-- 
1.7.6.4