[apple/security.git] / libsecurity_smime / lib / cmsdigest.c

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
 * CMS digesting.
 */
#include <assert.h>

#include "cmslocal.h"

#include "SecAsn1Item.h"
#include "secoid.h"

#include <security_asn1/secerr.h>
#include <security_asn1/secport.h>

#if USE_CDSA_CRYPTO
#include <Security/cssmapi.h>
#else
#include <CommonCrypto/CommonDigest.h>
#endif

#include "SecCmsDigestContext.h"

struct SecCmsDigestContextStr {
    PLArenaPool *	poolp;
    Boolean		saw_contents;
    int                 digcnt;
#if USE_CDSA_CRYPTO
    CSSM_CC_HANDLE *	digobjs;
#else
    void **             digobjs;
#endif
    SECAlgorithmID **   digestalgs;
};

/*
 * SecCmsDigestContextStartMultiple - start digest calculation using all the
 *  digest algorithms in "digestalgs" in parallel.
 */
SecCmsDigestContextRef
SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs)
{
    PLArenaPool *poolp;
    SecCmsDigestContextRef cmsdigcx;
#if USE_CDSA_CRYPTO
    CSSM_CC_HANDLE digobj;
#else
    void * digobj;
#endif
    int digcnt;
    int i;

    poolp = PORT_NewArena(1024);
    if (poolp == NULL)
	goto loser;

    digcnt = (digestalgs == NULL) ? 0 : SecCmsArrayCount((void **)digestalgs);

    cmsdigcx = (SecCmsDigestContextRef)PORT_ArenaAlloc(poolp, sizeof(struct SecCmsDigestContextStr));
    if (cmsdigcx == NULL)
	return NULL;
    cmsdigcx->poolp = poolp;

    if (digcnt > 0) {
#if USE_CDSA_CRYPTO
	cmsdigcx->digobjs = (CSSM_CC_HANDLE *)PORT_ArenaAlloc(poolp, digcnt * sizeof(CSSM_CC_HANDLE));
	if (cmsdigcx->digobjs == NULL)
	    goto loser;
#else
	cmsdigcx->digobjs = (void**)PORT_ArenaAlloc(poolp, digcnt * sizeof(void *));
	if (cmsdigcx->digobjs == NULL)
	    goto loser;
#endif
	cmsdigcx->digestalgs = (SECAlgorithmID **)PORT_ArenaZAlloc(poolp,
	    (digcnt + 1) * sizeof(SECAlgorithmID *));
	if (cmsdigcx->digestalgs == NULL)
	    goto loser;
    }

    cmsdigcx->digcnt = 0;

    /*
     * Create a digest object context for each algorithm.
     */
    for (i = 0; i < digcnt; i++) {
	digobj = SecCmsUtilGetHashObjByAlgID(digestalgs[i]);
	/*
	 * Skip any algorithm we do not even recognize; obviously,
	 * this could be a problem, but if it is critical then the
	 * result will just be that the signature does not verify.
	 * We do not necessarily want to error out here, because
	 * the particular algorithm may not actually be important,
	 * but we cannot know that until later.
	 */
#if USE_CDSA_CRYPTO
	if (digobj)
	    if (CSSM_DigestDataInit(digobj))
		goto loser;
#endif

	cmsdigcx->digobjs[cmsdigcx->digcnt] = digobj;
	cmsdigcx->digestalgs[cmsdigcx->digcnt] = PORT_ArenaAlloc(poolp, sizeof(SECAlgorithmID));
	if (SECITEM_CopyItem(poolp,
	    &(cmsdigcx->digestalgs[cmsdigcx->digcnt]->algorithm),
	    &(digestalgs[i]->algorithm))
	    || SECITEM_CopyItem(poolp,
	    &(cmsdigcx->digestalgs[cmsdigcx->digcnt]->parameters),
	    &(digestalgs[i]->parameters)))
	    goto loser;
	cmsdigcx->digcnt++;
    }

    cmsdigcx->saw_contents = PR_FALSE;

    return cmsdigcx;

loser:
    if (poolp)
	PORT_FreeArena(poolp, PR_FALSE);

    return NULL;
}

/*
 * SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
 *  only one algorithm.
 */
SecCmsDigestContextRef
SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg)
{
    SECAlgorithmID *digestalgs[] = { NULL, NULL };		/* fake array */

    digestalgs[0] = digestalg;
    return SecCmsDigestContextStartMultiple(digestalgs);
}

/*
 * SecCmsDigestContextUpdate - feed more data into the digest machine
 */
void
SecCmsDigestContextUpdate(SecCmsDigestContextRef cmsdigcx, const unsigned char *data, size_t len)
{
    SecAsn1Item dataBuf;
    int i;

    dataBuf.Length = len;
    dataBuf.Data = (uint8_t *)data;
    cmsdigcx->saw_contents = PR_TRUE;
    for (i = 0; i < cmsdigcx->digcnt; i++) {
	if (cmsdigcx->digobjs[i]) {
#if USE_CDSA_CRYPTO
	    CSSM_DigestDataUpdate(cmsdigcx->digobjs[i], &dataBuf, 1);
#else
            /* 64 bits cast: worst case is we truncate the length and we dont hash all the data.
               This may cause an invalid CMS blob larger than 4GB to be validated. Unlikely, but
               possible security issue. There is no way to return an error here, but a check at
               the upper level may happen. */
            assert(len<=UINT32_MAX); /* Debug check. Correct as long as CC_LONG is uint32_t */
            switch (SECOID_GetAlgorithmTag(cmsdigcx->digestalgs[i])) {
            case SEC_OID_SHA1: CC_SHA1_Update((CC_SHA1_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
            case SEC_OID_MD5: CC_MD5_Update((CC_MD5_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
            case SEC_OID_SHA224: CC_SHA224_Update((CC_SHA256_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
            case SEC_OID_SHA256: CC_SHA256_Update((CC_SHA256_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
            case SEC_OID_SHA384: CC_SHA384_Update((CC_SHA512_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
            case SEC_OID_SHA512: CC_SHA512_Update((CC_SHA512_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
            default:
                break;
            }
#endif
        }
    }
}

/*
 * SecCmsDigestContextCancel - cancel digesting operation
 */
void
SecCmsDigestContextCancel(SecCmsDigestContextRef cmsdigcx)
{
    int i;

    for (i = 0; i < cmsdigcx->digcnt; i++)
	if (cmsdigcx->digobjs[i])
#if USE_CDSA_CRYPTO
	    CSSM_DeleteContext(cmsdigcx->digobjs[i]);
#else
            free(cmsdigcx->digobjs[i]);
#endif

    PORT_FreeArena(cmsdigcx->poolp, PR_FALSE);
}

/*
 * SecCmsDigestContextDestroy - delete a digesting operation
 */
void
SecCmsDigestContextDestroy(SecCmsDigestContextRef cmsdigcx)
{
    SecCmsDigestContextCancel(cmsdigcx);
}

/*
 * SecCmsDigestContextFinishMultiple - finish the digests
 */
OSStatus
SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx,
			    SECAlgorithmID ***digestalgsp,
			    SecAsn1Item * **digestsp)
{
#if USE_CDSA_CRYPTO
    CSSM_CC_HANDLE digboj;
#else
    void * digobj;
#endif
    SecAsn1Item **digests, *digest;
    SECAlgorithmID **digestalgs;
    int i;
    void *mark;
    OSStatus rv = SECFailure;

    assert(cmsdigcx != NULL);

    /* A message with no contents (just signed attributes) is used within SCEP */
#if 0
    /* no contents? do not update digests */
    if (digestsp == NULL || !cmsdigcx->saw_contents) {
	for (i = 0; i < cmsdigcx->digcnt; i++)
	    if (cmsdigcx->digobjs[i])
#if USE_CDSA_CRYPTO
		CSSM_DeleteContext(cmsdigcx->digobjs[i]);
#else
                free(cmsdigcx->digobjs[i]);
#endif
	rv = SECSuccess;
	if (digestsp)
	    *digestsp = NULL;
	goto cleanup;
    }
#endif

    assert(digestsp != NULL);
    assert(digestalgsp != NULL);

    mark = PORT_ArenaMark (cmsdigcx->poolp);

    /* allocate digest array & SecAsn1Items on arena */
    digestalgs = (SECAlgorithmID **)PORT_ArenaZAlloc(cmsdigcx->poolp, (cmsdigcx->digcnt+1) * sizeof(SECAlgorithmID *));
    digests = (SecAsn1Item * *)PORT_ArenaZAlloc(cmsdigcx->poolp, (cmsdigcx->digcnt+1) * sizeof(SecAsn1Item *));
    digest = (SecAsn1Item *)PORT_ArenaZAlloc(cmsdigcx->poolp, cmsdigcx->digcnt * sizeof(SecAsn1Item));
    if (digestalgs == NULL || digests == NULL || digest == NULL) {
	goto loser;
    }

    for (i = 0; i < cmsdigcx->digcnt; i++, digest++) {
    
        SECOidTag hash_alg = SECOID_GetAlgorithmTag(cmsdigcx->digestalgs[i]);
	int diglength = 0;
    
        switch (hash_alg) {
            case SEC_OID_SHA1: diglength = CC_SHA1_DIGEST_LENGTH; break;
            case SEC_OID_MD5: diglength = CC_MD5_DIGEST_LENGTH; break;
            case SEC_OID_SHA224: diglength = CC_SHA224_DIGEST_LENGTH; break;
            case SEC_OID_SHA256: diglength = CC_SHA256_DIGEST_LENGTH; break;
            case SEC_OID_SHA384: diglength = CC_SHA384_DIGEST_LENGTH; break;
            case SEC_OID_SHA512: diglength = CC_SHA512_DIGEST_LENGTH; break;
            default: goto loser; break;
        }
        
	digobj = cmsdigcx->digobjs[i];
	if (digobj)
	{
	    digest->Data = (unsigned char*)PORT_ArenaAlloc(cmsdigcx->poolp, diglength);
	    if (digest->Data == NULL)
		goto loser;
	    digest->Length = diglength;
#if USE_CDSA_CRYPTO
	    CSSM_DigestDataFinal(digobj, digest);
	    CSSM_DeleteContext(digobj);
#else
            switch (hash_alg) {
                case SEC_OID_SHA1: CC_SHA1_Final(digest->Data, digobj); break;
                case SEC_OID_MD5: CC_MD5_Final(digest->Data, digobj); break;
                case SEC_OID_SHA224: CC_SHA224_Final(digest->Data, digobj); break;
                case SEC_OID_SHA256: CC_SHA256_Final(digest->Data, digobj); break;
                case SEC_OID_SHA384: CC_SHA384_Final(digest->Data, digobj); break;
                case SEC_OID_SHA512: CC_SHA512_Final(digest->Data, digobj); break;
                default: goto loser; break;
            }

            free(digobj);
#endif
	    digestalgs[i] = cmsdigcx->digestalgs[i];
	    digests[i] = digest;
	}
	else
	{
	    digest->Data = NULL;
	    digest->Length = 0;
	}
    }
    digestalgs[i] = NULL;
    digests[i] = NULL;
    *digestalgsp = digestalgs;
    *digestsp = digests;

    rv = SECSuccess;

loser:
    if (rv == SECSuccess)
	PORT_ArenaUnmark(cmsdigcx->poolp, mark);
    else
	PORT_ArenaRelease(cmsdigcx->poolp, mark);

/*cleanup:*/
    /* Set things up so SecCmsDigestContextDestroy won't call CSSM_DeleteContext again. */ 
    cmsdigcx->digcnt = 0;

    return rv;
}

/*
 * SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
 *  but for one digest.
 */
OSStatus
SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx,
			    SecAsn1Item * digest)
{
    OSStatus rv = SECFailure;
    SecAsn1Item * *dp;
    SECAlgorithmID **ap;

    /* get the digests into arena, then copy the first digest into poolp */
    if (SecCmsDigestContextFinishMultiple(cmsdigcx, &ap, &dp) != SECSuccess)
	goto loser;

    /* Return the first element in the digest array. */
    digest = *dp;

    rv = SECSuccess;

loser:
    return rv;
}
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* The contents of this file are subject to the Mozilla Public
	3	* License Version 1.1 (the "License"); you may not use this file
	4	* except in compliance with the License. You may obtain a copy of
	5	* the License at http://www.mozilla.org/MPL/
	6	*
	7	* Software distributed under the License is distributed on an "AS
	8	* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
	9	* implied. See the License for the specific language governing
	10	* rights and limitations under the License.
	11	*
	12	* The Original Code is the Netscape security libraries.
	13	*
	14	* The Initial Developer of the Original Code is Netscape
	15	* Communications Corporation. Portions created by Netscape are
	16	* Copyright (C) 1994-2000 Netscape Communications Corporation. All
	17	* Rights Reserved.
	18	*
	19	* Contributor(s):
	20	*
	21	* Alternatively, the contents of this file may be used under the
	22	* terms of the GNU General Public License Version 2 or later (the
	23	* "GPL"), in which case the provisions of the GPL are applicable
	24	* instead of those above. If you wish to allow use of your
	25	* version of this file only under the terms of the GPL and not to
	26	* allow others to use your version of this file under the MPL,
	27	* indicate your decision by deleting the provisions above and
	28	* replace them with the notice and other provisions required by
	29	* the GPL. If you do not delete the provisions above, a recipient
	30	* may use your version of this file under either the MPL or the
	31	* GPL.
	32	*/
	33
	34	/*
	35	* CMS digesting.
	36	*/
d8f41ccd	37	#include <assert.h>
b1ab9ed8 A	38
	39	#include "cmslocal.h"
	40
d8f41ccd	41	#include "SecAsn1Item.h"
b1ab9ed8 A	42	#include "secoid.h"
	43
	44	#include <security_asn1/secerr.h>
d8f41ccd	45	#include <security_asn1/secport.h>
b1ab9ed8	46
d8f41ccd A	47	#if USE_CDSA_CRYPTO
	48	#include <Security/cssmapi.h>
	49	#else
	50	#include <CommonCrypto/CommonDigest.h>
	51	#endif
427c49bc	52
d8f41ccd	53	#include "SecCmsDigestContext.h"
b1ab9ed8 A	54
b1ab9ed8 A	55	struct SecCmsDigestContextStr {
d8f41ccd	56	PLArenaPool * poolp;
b1ab9ed8	57	Boolean saw_contents;
d8f41ccd A	58	int digcnt;
d8f41ccd A	59	#if USE_CDSA_CRYPTO
b1ab9ed8	60	CSSM_CC_HANDLE * digobjs;
d8f41ccd A	61	#else
	62	void ** digobjs;
	63	#endif
	64	SECAlgorithmID ** digestalgs;
b1ab9ed8 A	65	};
	66
	67	/*
	68	* SecCmsDigestContextStartMultiple - start digest calculation using all the
	69	* digest algorithms in "digestalgs" in parallel.
	70	*/
	71	SecCmsDigestContextRef
	72	SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs)
	73	{
d8f41ccd	74	PLArenaPool *poolp;
b1ab9ed8	75	SecCmsDigestContextRef cmsdigcx;
d8f41ccd	76	#if USE_CDSA_CRYPTO
b1ab9ed8	77	CSSM_CC_HANDLE digobj;
d8f41ccd A	78	#else
	79	void * digobj;
	80	#endif
b1ab9ed8 A	81	int digcnt;
	82	int i;
	83
d8f41ccd A	84	poolp = PORT_NewArena(1024);
	85	if (poolp == NULL)
	86	goto loser;
	87
b1ab9ed8 A	88	digcnt = (digestalgs == NULL) ? 0 : SecCmsArrayCount((void **)digestalgs);
b1ab9ed8 A	89
d8f41ccd	90	cmsdigcx = (SecCmsDigestContextRef)PORT_ArenaAlloc(poolp, sizeof(struct SecCmsDigestContextStr));
b1ab9ed8 A	91	if (cmsdigcx == NULL)
b1ab9ed8 A	92	return NULL;
d8f41ccd	93	cmsdigcx->poolp = poolp;
b1ab9ed8 A	94
b1ab9ed8 A	95	if (digcnt > 0) {
d8f41ccd A	96	#if USE_CDSA_CRYPTO
	97	cmsdigcx->digobjs = (CSSM_CC_HANDLE )PORT_ArenaAlloc(poolp, digcnt sizeof(CSSM_CC_HANDLE));
	98	if (cmsdigcx->digobjs == NULL)
	99	goto loser;
	100	#else
	101	cmsdigcx->digobjs = (void*)PORT_ArenaAlloc(poolp, digcnt sizeof(void *));
b1ab9ed8 A	102	if (cmsdigcx->digobjs == NULL)
b1ab9ed8 A	103	goto loser;
d8f41ccd A	104	#endif
	105	cmsdigcx->digestalgs = (SECAlgorithmID **)PORT_ArenaZAlloc(poolp,
	106	(digcnt + 1) * sizeof(SECAlgorithmID *));
	107	if (cmsdigcx->digestalgs == NULL)
	108	goto loser;
b1ab9ed8 A	109	}
	110
	111	cmsdigcx->digcnt = 0;
	112
	113	/*
	114	* Create a digest object context for each algorithm.
	115	*/
	116	for (i = 0; i < digcnt; i++) {
	117	digobj = SecCmsUtilGetHashObjByAlgID(digestalgs[i]);
	118	/*
	119	* Skip any algorithm we do not even recognize; obviously,
	120	* this could be a problem, but if it is critical then the
	121	* result will just be that the signature does not verify.
	122	* We do not necessarily want to error out here, because
	123	* the particular algorithm may not actually be important,
	124	* but we cannot know that until later.
	125	*/
d8f41ccd	126	#if USE_CDSA_CRYPTO
b1ab9ed8	127	if (digobj)
d8f41ccd A	128	if (CSSM_DigestDataInit(digobj))
	129	goto loser;
	130	#endif
	131
b1ab9ed8	132	cmsdigcx->digobjs[cmsdigcx->digcnt] = digobj;
d8f41ccd A	133	cmsdigcx->digestalgs[cmsdigcx->digcnt] = PORT_ArenaAlloc(poolp, sizeof(SECAlgorithmID));
	134	if (SECITEM_CopyItem(poolp,
	135	&(cmsdigcx->digestalgs[cmsdigcx->digcnt]->algorithm),
	136	&(digestalgs[i]->algorithm))
	137	\|\| SECITEM_CopyItem(poolp,
	138	&(cmsdigcx->digestalgs[cmsdigcx->digcnt]->parameters),
	139	&(digestalgs[i]->parameters)))
	140	goto loser;
b1ab9ed8 A	141	cmsdigcx->digcnt++;
	142	}
	143
	144	cmsdigcx->saw_contents = PR_FALSE;
	145
	146	return cmsdigcx;
	147
	148	loser:
d8f41ccd A	149	if (poolp)
	150	PORT_FreeArena(poolp, PR_FALSE);
	151
b1ab9ed8 A	152	return NULL;
	153	}
	154
	155	/*
	156	* SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
	157	* only one algorithm.
	158	*/
	159	SecCmsDigestContextRef
	160	SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg)
	161	{
	162	SECAlgorithmID digestalgs[] = { NULL, NULL }; / fake array */
	163
	164	digestalgs[0] = digestalg;
	165	return SecCmsDigestContextStartMultiple(digestalgs);
	166	}
	167
	168	/*
	169	* SecCmsDigestContextUpdate - feed more data into the digest machine
	170	*/
	171	void
	172	SecCmsDigestContextUpdate(SecCmsDigestContextRef cmsdigcx, const unsigned char *data, size_t len)
	173	{
d8f41ccd	174	SecAsn1Item dataBuf;
b1ab9ed8 A	175	int i;
	176
	177	dataBuf.Length = len;
d8f41ccd	178	dataBuf.Data = (uint8_t *)data;
b1ab9ed8	179	cmsdigcx->saw_contents = PR_TRUE;
d8f41ccd A	180	for (i = 0; i < cmsdigcx->digcnt; i++) {
	181	if (cmsdigcx->digobjs[i]) {
	182	#if USE_CDSA_CRYPTO
b1ab9ed8	183	CSSM_DigestDataUpdate(cmsdigcx->digobjs[i], &dataBuf, 1);
d8f41ccd A	184	#else
	185	/* 64 bits cast: worst case is we truncate the length and we dont hash all the data.
	186	This may cause an invalid CMS blob larger than 4GB to be validated. Unlikely, but
	187	possible security issue. There is no way to return an error here, but a check at
	188	the upper level may happen. */
	189	assert(len<=UINT32_MAX); /* Debug check. Correct as long as CC_LONG is uint32_t */
	190	switch (SECOID_GetAlgorithmTag(cmsdigcx->digestalgs[i])) {
	191	case SEC_OID_SHA1: CC_SHA1_Update((CC_SHA1_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
	192	case SEC_OID_MD5: CC_MD5_Update((CC_MD5_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
	193	case SEC_OID_SHA224: CC_SHA224_Update((CC_SHA256_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
	194	case SEC_OID_SHA256: CC_SHA256_Update((CC_SHA256_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
	195	case SEC_OID_SHA384: CC_SHA384_Update((CC_SHA512_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
	196	case SEC_OID_SHA512: CC_SHA512_Update((CC_SHA512_CTX *)cmsdigcx->digobjs[i], data, (CC_LONG)len); break;
	197	default:
	198	break;
	199	}
	200	#endif
	201	}
	202	}
b1ab9ed8 A	203	}
	204
	205	/*
	206	* SecCmsDigestContextCancel - cancel digesting operation
	207	*/
	208	void
	209	SecCmsDigestContextCancel(SecCmsDigestContextRef cmsdigcx)
	210	{
	211	int i;
	212
	213	for (i = 0; i < cmsdigcx->digcnt; i++)
	214	if (cmsdigcx->digobjs[i])
d8f41ccd	215	#if USE_CDSA_CRYPTO
b1ab9ed8	216	CSSM_DeleteContext(cmsdigcx->digobjs[i]);
d8f41ccd A	217	#else
	218	free(cmsdigcx->digobjs[i]);
	219	#endif
	220
	221	PORT_FreeArena(cmsdigcx->poolp, PR_FALSE);
b1ab9ed8 A	222	}
	223
	224	/*
d8f41ccd A	225	* SecCmsDigestContextDestroy - delete a digesting operation
	226	*/
	227	void
	228	SecCmsDigestContextDestroy(SecCmsDigestContextRef cmsdigcx)
	229	{
	230	SecCmsDigestContextCancel(cmsdigcx);
	231	}
	232
	233	/*
	234	* SecCmsDigestContextFinishMultiple - finish the digests
b1ab9ed8 A	235	*/
b1ab9ed8 A	236	OSStatus
d8f41ccd A	237	SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx,
	238	SECAlgorithmID ***digestalgsp,
	239	SecAsn1Item * **digestsp)
b1ab9ed8	240	{
d8f41ccd A	241	#if USE_CDSA_CRYPTO
	242	CSSM_CC_HANDLE digboj;
	243	#else
	244	void * digobj;
	245	#endif
	246	SecAsn1Item *digests, digest;
	247	SECAlgorithmID **digestalgs;
b1ab9ed8 A	248	int i;
	249	void *mark;
	250	OSStatus rv = SECFailure;
	251
d8f41ccd A	252	assert(cmsdigcx != NULL);
	253
	254	/* A message with no contents (just signed attributes) is used within SCEP */
	255	#if 0
b1ab9ed8 A	256	/* no contents? do not update digests */
	257	if (digestsp == NULL \|\| !cmsdigcx->saw_contents) {
	258	for (i = 0; i < cmsdigcx->digcnt; i++)
	259	if (cmsdigcx->digobjs[i])
d8f41ccd	260	#if USE_CDSA_CRYPTO
b1ab9ed8	261	CSSM_DeleteContext(cmsdigcx->digobjs[i]);
d8f41ccd A	262	#else
	263	free(cmsdigcx->digobjs[i]);
	264	#endif
b1ab9ed8 A	265	rv = SECSuccess;
	266	if (digestsp)
	267	*digestsp = NULL;
	268	goto cleanup;
	269	}
d8f41ccd A	270	#endif
	271
	272	assert(digestsp != NULL);
	273	assert(digestalgsp != NULL);
b1ab9ed8	274
d8f41ccd	275	mark = PORT_ArenaMark (cmsdigcx->poolp);
b1ab9ed8	276
d8f41ccd A	277	/* allocate digest array & SecAsn1Items on arena */
	278	digestalgs = (SECAlgorithmID *)PORT_ArenaZAlloc(cmsdigcx->poolp, (cmsdigcx->digcnt+1) sizeof(SECAlgorithmID *));
	279	digests = (SecAsn1Item * )PORT_ArenaZAlloc(cmsdigcx->poolp, (cmsdigcx->digcnt+1) sizeof(SecAsn1Item *));
	280	digest = (SecAsn1Item )PORT_ArenaZAlloc(cmsdigcx->poolp, cmsdigcx->digcnt sizeof(SecAsn1Item));
	281	if (digestalgs == NULL \|\| digests == NULL \|\| digest == NULL) {
b1ab9ed8 A	282	goto loser;
	283	}
	284
	285	for (i = 0; i < cmsdigcx->digcnt; i++, digest++) {
d8f41ccd A	286
	287	SECOidTag hash_alg = SECOID_GetAlgorithmTag(cmsdigcx->digestalgs[i]);
	288	int diglength = 0;
	289
	290	switch (hash_alg) {
	291	case SEC_OID_SHA1: diglength = CC_SHA1_DIGEST_LENGTH; break;
	292	case SEC_OID_MD5: diglength = CC_MD5_DIGEST_LENGTH; break;
	293	case SEC_OID_SHA224: diglength = CC_SHA224_DIGEST_LENGTH; break;
	294	case SEC_OID_SHA256: diglength = CC_SHA256_DIGEST_LENGTH; break;
	295	case SEC_OID_SHA384: diglength = CC_SHA384_DIGEST_LENGTH; break;
	296	case SEC_OID_SHA512: diglength = CC_SHA512_DIGEST_LENGTH; break;
	297	default: goto loser; break;
427c49bc A	298	}
427c49bc A	299
d8f41ccd	300	digobj = cmsdigcx->digobjs[i];
b1ab9ed8 A	301	if (digobj)
b1ab9ed8 A	302	{
d8f41ccd	303	digest->Data = (unsigned char*)PORT_ArenaAlloc(cmsdigcx->poolp, diglength);
b1ab9ed8 A	304	if (digest->Data == NULL)
	305	goto loser;
	306	digest->Length = diglength;
d8f41ccd A	307	#if USE_CDSA_CRYPTO
d8f41ccd A	308	CSSM_DigestDataFinal(digobj, digest);
b1ab9ed8	309	CSSM_DeleteContext(digobj);
d8f41ccd A	310	#else
	311	switch (hash_alg) {
	312	case SEC_OID_SHA1: CC_SHA1_Final(digest->Data, digobj); break;
	313	case SEC_OID_MD5: CC_MD5_Final(digest->Data, digobj); break;
	314	case SEC_OID_SHA224: CC_SHA224_Final(digest->Data, digobj); break;
	315	case SEC_OID_SHA256: CC_SHA256_Final(digest->Data, digobj); break;
	316	case SEC_OID_SHA384: CC_SHA384_Final(digest->Data, digobj); break;
	317	case SEC_OID_SHA512: CC_SHA512_Final(digest->Data, digobj); break;
	318	default: goto loser; break;
	319	}
	320
	321	free(digobj);
	322	#endif
	323	digestalgs[i] = cmsdigcx->digestalgs[i];
	324	digests[i] = digest;
b1ab9ed8 A	325	}
	326	else
	327	{
	328	digest->Data = NULL;
	329	digest->Length = 0;
	330	}
d8f41ccd A	331	}
d8f41ccd A	332	digestalgs[i] = NULL;
b1ab9ed8	333	digests[i] = NULL;
d8f41ccd	334	*digestalgsp = digestalgs;
b1ab9ed8 A	335	*digestsp = digests;
	336
	337	rv = SECSuccess;
	338
	339	loser:
	340	if (rv == SECSuccess)
d8f41ccd	341	PORT_ArenaUnmark(cmsdigcx->poolp, mark);
b1ab9ed8	342	else
d8f41ccd	343	PORT_ArenaRelease(cmsdigcx->poolp, mark);
b1ab9ed8	344
d8f41ccd A	345	/cleanup:/
	346	/* Set things up so SecCmsDigestContextDestroy won't call CSSM_DeleteContext again. */
	347	cmsdigcx->digcnt = 0;
b1ab9ed8 A	348
	349	return rv;
	350	}
	351
	352	/*
	353	* SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
	354	* but for one digest.
	355	*/
	356	OSStatus
d8f41ccd A	357	SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx,
d8f41ccd A	358	SecAsn1Item * digest)
b1ab9ed8 A	359	{
b1ab9ed8 A	360	OSStatus rv = SECFailure;
d8f41ccd A	361	SecAsn1Item * *dp;
d8f41ccd A	362	SECAlgorithmID **ap;
b1ab9ed8 A	363
b1ab9ed8 A	364	/* get the digests into arena, then copy the first digest into poolp */
d8f41ccd	365	if (SecCmsDigestContextFinishMultiple(cmsdigcx, &ap, &dp) != SECSuccess)
b1ab9ed8 A	366	goto loser;
b1ab9ed8 A	367
d8f41ccd A	368	/* Return the first element in the digest array. */
d8f41ccd A	369	digest = *dp;
b1ab9ed8 A	370
	371	rv = SECSuccess;
	372
	373	loser:
b1ab9ed8 A	374	return rv;
b1ab9ed8 A	375	}