From d8b0fbee37d7782ae815c9c6dfeb743da756e614 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Tue, 6 Sep 2011 15:13:57 -0400
Subject: [PATCH 131/150] - clean up a diagnostic message
---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 55 +++++++++--------------
 1 files changed, 22 insertions(+), 33 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index d5ccd29..35df730 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -75,9 +75,6 @@
 * SSL/TLS trust settings. */
 #define DEFAULT_CONFIGDIR "/etc/pki/nssdb"
-/* FIXME: This API doesn't work yet, so short-circuit calls to it. */
-#define NSS_CMSContentInfo_SetDontStream(a, b) (SECSuccess)
-
 /* #define DEBUG_DER "/usr/lib64/nss/unsupported-tools/derdump" */
 /* #define DEBUG_SENSITIVE */
@@ -4440,12 +4437,6 @@ cms_envelopeddata_create(krb5_context context,
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
- if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) {
- pkiDebug("%s: error turning off streaming\n", __FUNCTION__);
- NSS_CMSMessage_Destroy(msg);
- PORT_FreeArena(pool, PR_TRUE);
- return ENOMEM;
- }
 if (NSS_CMSContentInfo_SetContent_EnvelopedData(msg, info, env) != SECSuccess) {
 pkiDebug("%s: error setting enveloped-data content\n",
@@ -4479,12 +4470,6 @@ cms_envelopeddata_create(krb5_context context,
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
- if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) {
- pkiDebug("%s: error turning off streaming\n", __FUNCTION__);
- NSS_CMSMessage_Destroy(msg);
- PORT_FreeArena(pool, PR_TRUE);
- return ENOMEM;
- }
 sdata = NULL;
 if ((crypto_signeddata_common_create(context, plg_cryptoctx,
@@ -4515,12 +4500,6 @@ cms_envelopeddata_create(krb5_context context,
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
- if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) {
- pkiDebug("%s: error turning off streaming\n", __FUNCTION__);
- NSS_CMSMessage_Destroy(msg);
- PORT_FreeArena(pool, PR_TRUE);
- return ENOMEM;
- }
 if (NSS_CMSContentInfo_SetContent(msg, info, encapsulated_tag, NULL) != SECSuccess) {
 pkiDebug("%s: error setting encapsulated content\n",
@@ -4585,6 +4564,7 @@ crypto_signeddata_common_verify(krb5_context context,
 NSSCMSContentInfo *ecinfo;
 CERTCertificate *cert;
 SECOidTag encapsulated_tag;
+ SECOidData *expected, *received;
 SECStatus status;
 SECItem *edata;
 int n_signers;
@@ -4759,6 +4739,27 @@ crypto_signeddata_common_verify(krb5_context context,
 (encapsulated_tag != expected_type2))) {
 pkiDebug("%s: wrong encapsulated content type\n", __FUNCTION__);
+ expected = SECOID_FindOIDByTag(expected_type);
+ if (encapsulated_tag != SEC_OID_UNKNOWN) {
+ received = SECOID_FindOIDByTag(encapsulated_tag);
+ } else {
+ received = NULL;
+ }
+ if (expected != NULL) {
+ if (received != NULL) {
+ pkiDebug("%s: was expecting \"%s\"(%d), "
+ "but got \"%s\"(%d)\n",
+ __FUNCTION__,
+ expected->desc, expected->offset,
+ received->desc, received->offset);
+ } else {
+ pkiDebug("%s: was expecting \"%s\"(%d), "
+ "but got unrecognized type (%d)\n",
+ __FUNCTION__,
+ expected->desc, expected->offset,
+ encapsulated_tag);
+ }
+ }
 if (ecmsg != NULL) {
 NSS_CMSMessage_Destroy(ecmsg);
 }
@@ -4954,12 +4955,6 @@ cms_signeddata_create(krb5_context context,
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
- if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) {
- pkiDebug("%s: error turning off streaming\n", __FUNCTION__);
- NSS_CMSMessage_Destroy(msg);
- PORT_FreeArena(pool, PR_TRUE);
- return ENOMEM;
- }
 sdata = NULL;
 if ((crypto_signeddata_common_create(context, plg_cryptoctx,
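Review bot: In the hunk at `@@ -4759,6 +4739,27 @@` the new diagnostic names only `expected_type`, although the enclosing condition also accepts `expected_type2` (see the context line `(encapsulated_tag != expected_type2))) {`), so the log can claim a single type was expected when a second one would have passed as well. Looking up the second tag too, for example `expected2 = SECOID_FindOIDByTag(expected_type2);`, and printing it when it differs from `expected_type` would keep the message accurate for whoever triages a rejected signed-data message. In the `received == NULL` branch the number printed is `encapsulated_tag`, which presumably is `SEC_OID_UNKNOWN` in most cases and so says little about what the peer actually sent, and when `expected` is NULL no detail is logged at all. crypto_signeddata_common_verify starts and ends outside this hunk, so how `expected_type2` is set cannot be confirmed from here.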
@@ -4990,12 +4985,6 @@ cms_signeddata_create(krb5_context context,
 PORT_FreeArena(pool, PR_TRUE);
 return ENOMEM;
 }
- if (NSS_CMSContentInfo_SetDontStream(info, PR_TRUE) != SECSuccess) {
- pkiDebug("%s: error turning off streaming\n", __FUNCTION__);
- NSS_CMSMessage_Destroy(msg);
- PORT_FreeArena(pool, PR_TRUE);
- return ENOMEM;
- }
 if (NSS_CMSContentInfo_SetContent(msg, info, encapsulated_tag, NULL) != SECSuccess) {
 pkiDebug("%s: error setting encapsulated content type\n",
--
1.7.6.4