]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/cmsdecode.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / libsecurity_smime / lib / cmsdecode.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * CMS decoding.
36 */
37
38 #include <Security/SecCmsDecoder.h>
39 #include <Security/SecCmsContentInfo.h>
40 #include <Security/SecCmsDigestContext.h>
41 #include <Security/SecCmsMessage.h>
42
43 #include "cmslocal.h"
44
45 #include "SecAsn1Item.h"
46 #include "secoid.h"
47
48 #include <security_asn1/secasn1.h>
49 #include <security_asn1/secerr.h>
50 #include <security_asn1/secport.h>
51
52 #include <limits.h>
53
54 struct SecCmsDecoderStr {
55 SEC_ASN1DecoderContext * dcx; /* ASN.1 decoder context */
56 SecCmsMessageRef cmsg; /* backpointer to the root message */
57 SECOidTag type; /* type of message */
58 SecCmsContent content; /* pointer to message */
59 SecCmsDecoderRef childp7dcx; /* inner CMS decoder context */
60 Boolean saw_contents;
61 int error;
62 SecCmsContentCallback cb;
63 void * cb_arg;
64 };
65
66 /* We use size_t for len in this function because the SEC_ASN1Decoder* layer
67 uses that for callback function */
68 static void nss_cms_decoder_update_filter (void *arg, const char *data, size_t len,
69 int depth, SEC_ASN1EncodingPart data_kind);
70 static OSStatus nss_cms_before_data(SecCmsDecoderRef p7dcx);
71 static OSStatus nss_cms_after_data(SecCmsDecoderRef p7dcx);
72 static OSStatus nss_cms_after_end(SecCmsDecoderRef p7dcx);
73 static void nss_cms_decoder_work_data(SecCmsDecoderRef p7dcx,
74 const unsigned char *data, size_t len, Boolean final);
75
76 extern const SecAsn1Template SecCmsMessageTemplate[];
77
78 /*
79 * nss_cms_decoder_notify -
80 * this is the driver of the decoding process. It gets called by the ASN.1
81 * decoder before and after an object is decoded.
82 * at various points in the decoding process, we intercept to set up and do
83 * further processing.
84 */
85 static void
86 nss_cms_decoder_notify(void *arg, Boolean before, void *dest, int depth)
87 {
88 SecCmsDecoderRef p7dcx;
89 SecCmsContentInfoRef rootcinfo, cinfo;
90 Boolean after = !before;
91
92 p7dcx = (SecCmsDecoderRef)arg;
93 rootcinfo = &(p7dcx->cmsg->contentInfo);
94
95 /* XXX error handling: need to set p7dcx->error */
96
97 #ifdef CMSDEBUG
98 fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth);
99 #endif
100
101 /* so what are we working on right now? */
102 switch (p7dcx->type) {
103 case SEC_OID_UNKNOWN:
104 /*
105 * right now, we are still decoding the OUTER (root) cinfo
106 * As soon as we know the inner content type, set up the info,
107 * but NO inner decoder or filter. The root decoder handles the first
108 * level children by itself - only for encapsulated contents (which
109 * are encoded as DER inside of an OCTET STRING) we need to set up a
110 * child decoder...
111 */
112 if (after && dest == &(rootcinfo->contentType)) {
113 p7dcx->type = SecCmsContentInfoGetContentTypeTag(rootcinfo);
114 p7dcx->content = rootcinfo->content; /* is this ready already ? need to alloc? */
115 /* XXX yes we need to alloc -- continue here */
116 }
117 break;
118 case SEC_OID_PKCS7_DATA:
119 /* this can only happen if the outermost cinfo has DATA in it */
120 /* otherwise, we handle this type implicitely in the inner decoders */
121
122 if (before && dest == &(rootcinfo->content)) {
123 /* fake it to cause the filter to put the data in the right place... */
124 /* we want the ASN.1 decoder to deliver the decoded bytes to us from now on */
125 SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
126 nss_cms_decoder_update_filter,
127 p7dcx,
128 (Boolean)(p7dcx->cb != NULL));
129 break;
130 }
131
132 if (after && dest == &(rootcinfo->content.data)) {
133 /* remove the filter */
134 SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
135 }
136 break;
137
138 case SEC_OID_PKCS7_SIGNED_DATA:
139 case SEC_OID_PKCS7_ENVELOPED_DATA:
140 case SEC_OID_PKCS7_DIGESTED_DATA:
141 case SEC_OID_PKCS7_ENCRYPTED_DATA:
142
143 if (before && dest == &(rootcinfo->content))
144 break; /* we're not there yet */
145
146 if (p7dcx->content.pointer == NULL)
147 p7dcx->content = rootcinfo->content;
148
149 /* get this data type's inner contentInfo */
150 cinfo = SecCmsContentGetContentInfo(p7dcx->content.pointer, p7dcx->type);
151
152 if (before && dest == &(cinfo->contentType)) {
153 /* at this point, set up the &%$&$ back pointer */
154 /* we cannot do it later, because the content itself is optional! */
155 /* please give me C++ */
156 switch (p7dcx->type) {
157 case SEC_OID_PKCS7_SIGNED_DATA:
158 p7dcx->content.signedData->contentInfo.cmsg = p7dcx->cmsg;
159 break;
160 case SEC_OID_PKCS7_DIGESTED_DATA:
161 p7dcx->content.digestedData->contentInfo.cmsg = p7dcx->cmsg;
162 break;
163 case SEC_OID_PKCS7_ENVELOPED_DATA:
164 p7dcx->content.envelopedData->contentInfo.cmsg = p7dcx->cmsg;
165 break;
166 case SEC_OID_PKCS7_ENCRYPTED_DATA:
167 p7dcx->content.encryptedData->contentInfo.cmsg = p7dcx->cmsg;
168 break;
169 default:
170 PORT_Assert(0);
171 break;
172 }
173 }
174
175 if (before && dest == &(cinfo->rawContent)) {
176 /* we want the ASN.1 decoder to deliver the decoded bytes to us from now on */
177 SEC_ASN1DecoderSetFilterProc(p7dcx->dcx, nss_cms_decoder_update_filter,
178 p7dcx, (Boolean)(p7dcx->cb != NULL));
179
180
181 /* we're right in front of the data */
182 if (nss_cms_before_data(p7dcx) != SECSuccess) {
183 SEC_ASN1DecoderClearFilterProc(p7dcx->dcx); /* stop all processing */
184 p7dcx->error = PORT_GetError();
185 PORT_SetError(0);
186 }
187 }
188 if (after && dest == &(cinfo->rawContent)) {
189 /* we're right after of the data */
190 if (nss_cms_after_data(p7dcx) != SECSuccess) {
191 p7dcx->error = PORT_GetError();
192 PORT_SetError(0);
193 }
194
195 /* we don't need to see the contents anymore */
196 SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
197 }
198 break;
199
200 #if 0 /* NIH */
201 case SEC_OID_PKCS7_AUTHENTICATED_DATA:
202 #endif
203 default:
204 /* unsupported or unknown message type - fail (more or less) gracefully */
205 p7dcx->error = SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE;
206 break;
207 }
208 }
209
210 /*
211 * nss_cms_before_data - set up the current encoder to receive data
212 */
213 static OSStatus
214 nss_cms_before_data(SecCmsDecoderRef p7dcx)
215 {
216 OSStatus rv;
217 SECOidTag childtype;
218 PLArenaPool *poolp;
219 SecCmsDecoderRef childp7dcx;
220 SecCmsContentInfoRef cinfo;
221 const SecAsn1Template *template;
222 void *mark = NULL;
223 size_t size;
224
225 poolp = p7dcx->cmsg->poolp;
226
227 /* call _Decode_BeforeData handlers */
228 switch (p7dcx->type) {
229 case SEC_OID_PKCS7_SIGNED_DATA:
230 /* we're decoding a signedData, so set up the digests */
231 rv = SecCmsSignedDataDecodeBeforeData(p7dcx->content.signedData);
232 if (rv != SECSuccess)
233 return SECFailure;
234 break;
235 case SEC_OID_PKCS7_DIGESTED_DATA:
236 /* we're encoding a digestedData, so set up the digest */
237 rv = SecCmsDigestedDataDecodeBeforeData(p7dcx->content.digestedData);
238 if (rv != SECSuccess)
239 return SECFailure;
240 break;
241 case SEC_OID_PKCS7_ENVELOPED_DATA:
242 rv = SecCmsEnvelopedDataDecodeBeforeData(p7dcx->content.envelopedData);
243 if (rv != SECSuccess)
244 return SECFailure;
245 break;
246 case SEC_OID_PKCS7_ENCRYPTED_DATA:
247 rv = SecCmsEncryptedDataDecodeBeforeData(p7dcx->content.encryptedData);
248 if (rv != SECSuccess)
249 return SECFailure;
250 break;
251 default:
252 return SECFailure;
253 }
254
255 /* ok, now we have a pointer to cinfo */
256 /* find out what kind of data is encapsulated */
257
258 cinfo = SecCmsContentGetContentInfo(p7dcx->content.pointer, p7dcx->type);
259 childtype = SecCmsContentInfoGetContentTypeTag(cinfo);
260
261 if (childtype == SEC_OID_PKCS7_DATA) {
262 cinfo->content.data = SECITEM_AllocItem(poolp, NULL, 0);
263 if (cinfo->content.data == NULL)
264 /* set memory error */
265 return SECFailure;
266
267 p7dcx->childp7dcx = NULL;
268 return SECSuccess;
269 }
270
271 /* set up inner decoder */
272
273 if ((template = SecCmsUtilGetTemplateByTypeTag(childtype)) == NULL)
274 return SECFailure;
275
276 childp7dcx = (SecCmsDecoderRef)PORT_ZAlloc(sizeof(struct SecCmsDecoderStr));
277 if (childp7dcx == NULL)
278 return SECFailure;
279
280 mark = PORT_ArenaMark(poolp);
281
282 /* allocate space for the stuff we're creating */
283 size = SecCmsUtilGetSizeByTypeTag(childtype);
284 childp7dcx->content.pointer = (void *)PORT_ArenaZAlloc(poolp, size);
285 if (childp7dcx->content.pointer == NULL)
286 goto loser;
287
288 /* start the child decoder */
289 childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL, 0);
290 if (childp7dcx->dcx == NULL)
291 goto loser;
292
293 /* the new decoder needs to notify, too */
294 SEC_ASN1DecoderSetNotifyProc(childp7dcx->dcx, nss_cms_decoder_notify, childp7dcx);
295
296 /* tell the parent decoder that it needs to feed us the content data */
297 p7dcx->childp7dcx = childp7dcx;
298
299 childp7dcx->type = childtype; /* our type */
300
301 childp7dcx->cmsg = p7dcx->cmsg; /* backpointer to root message */
302
303 /* should the child decoder encounter real data, it needs to give it to the caller */
304 childp7dcx->cb = p7dcx->cb;
305 childp7dcx->cb_arg = p7dcx->cb_arg;
306
307 /* now set up the parent to hand decoded data to the next level decoder */
308 p7dcx->cb = (SecCmsContentCallback)SecCmsDecoderUpdate;
309 p7dcx->cb_arg = childp7dcx;
310
311 PORT_ArenaUnmark(poolp, mark);
312
313 return SECSuccess;
314
315 loser:
316 if (mark)
317 PORT_ArenaRelease(poolp, mark);
318 if (childp7dcx)
319 PORT_Free(childp7dcx);
320 p7dcx->childp7dcx = NULL;
321 return SECFailure;
322 }
323
324 static OSStatus
325 nss_cms_after_data(SecCmsDecoderRef p7dcx)
326 {
327 SecCmsDecoderRef childp7dcx;
328 OSStatus rv = SECFailure;
329
330 /* Handle last block. This is necessary to flush out the last bytes
331 * of a possibly incomplete block */
332 nss_cms_decoder_work_data(p7dcx, NULL, 0, PR_TRUE);
333
334 /* finish any "inner" decoders - there's no more data coming... */
335 if (p7dcx->childp7dcx != NULL) {
336 childp7dcx = p7dcx->childp7dcx;
337 if (childp7dcx->dcx != NULL) {
338 if (SEC_ASN1DecoderFinish(childp7dcx->dcx) != SECSuccess) {
339 /* do what? free content? */
340 rv = SECFailure;
341 } else {
342 rv = nss_cms_after_end(childp7dcx);
343 }
344 if (rv != SECSuccess)
345 goto done;
346 }
347 PORT_Free(p7dcx->childp7dcx);
348 p7dcx->childp7dcx = NULL;
349 }
350
351 switch (p7dcx->type) {
352 case SEC_OID_PKCS7_SIGNED_DATA:
353 /* this will finish the digests and verify */
354 rv = SecCmsSignedDataDecodeAfterData(p7dcx->content.signedData);
355 break;
356 case SEC_OID_PKCS7_ENVELOPED_DATA:
357 rv = SecCmsEnvelopedDataDecodeAfterData(p7dcx->content.envelopedData);
358 break;
359 case SEC_OID_PKCS7_DIGESTED_DATA:
360 rv = SecCmsDigestedDataDecodeAfterData(p7dcx->content.digestedData);
361 break;
362 case SEC_OID_PKCS7_ENCRYPTED_DATA:
363 rv = SecCmsEncryptedDataDecodeAfterData(p7dcx->content.encryptedData);
364 break;
365 case SEC_OID_PKCS7_DATA:
366 /* do nothing */
367 break;
368 default:
369 rv = SECFailure;
370 break;
371 }
372 done:
373 return rv;
374 }
375
376 static OSStatus
377 nss_cms_after_end(SecCmsDecoderRef p7dcx)
378 {
379 OSStatus rv;
380
381 switch (p7dcx->type) {
382 case SEC_OID_PKCS7_SIGNED_DATA:
383 rv = SecCmsSignedDataDecodeAfterEnd(p7dcx->content.signedData);
384 break;
385 case SEC_OID_PKCS7_ENVELOPED_DATA:
386 rv = SecCmsEnvelopedDataDecodeAfterEnd(p7dcx->content.envelopedData);
387 break;
388 case SEC_OID_PKCS7_DIGESTED_DATA:
389 rv = SecCmsDigestedDataDecodeAfterEnd(p7dcx->content.digestedData);
390 break;
391 case SEC_OID_PKCS7_ENCRYPTED_DATA:
392 rv = SecCmsEncryptedDataDecodeAfterEnd(p7dcx->content.encryptedData);
393 break;
394 case SEC_OID_PKCS7_DATA:
395 rv = SECSuccess;
396 break;
397 default:
398 rv = SECFailure; /* we should not have got that far... */
399 break;
400 }
401 return rv;
402 }
403
404 /*
405 * nss_cms_decoder_work_data - handle decoded data bytes.
406 *
407 * This function either decrypts the data if needed, and/or calculates digests
408 * on it, then either stores it or passes it on to the next level decoder.
409 */
410 static void
411 nss_cms_decoder_work_data(SecCmsDecoderRef p7dcx,
412 const unsigned char *data, size_t len,
413 Boolean final)
414 {
415 SecCmsContentInfoRef cinfo;
416 unsigned char *buf = NULL;
417 unsigned char *dest;
418 size_t offset;
419 OSStatus rv;
420 SecAsn1Item * storage;
421
422 /*
423 * We should really have data to process, or we should be trying
424 * to finish/flush the last block. (This is an overly paranoid
425 * check since all callers are in this file and simple inspection
426 * proves they do it right. But it could find a bug in future
427 * modifications/development, that is why it is here.)
428 */
429 if (((data == NULL || len == 0) && !final) ||
430 len > UINT_MAX) {
431 goto loser;
432 }
433
434 if (!p7dcx->content.pointer) // might be ExContent??
435 return;
436
437 cinfo = SecCmsContentGetContentInfo(p7dcx->content.pointer, p7dcx->type);
438
439 if (cinfo->ciphcx != NULL) {
440 /*
441 * we are decrypting.
442 *
443 * XXX If we get an error, we do not want to do the digest or callback,
444 * but we want to keep decoding. Or maybe we want to stop decoding
445 * altogether if there is a callback, because obviously we are not
446 * sending the data back and they want to know that.
447 */
448
449 unsigned int outlen = 0; /* length of decrypted data */
450 unsigned int buflen; /* length available for decrypted data */
451
452 /* find out about the length of decrypted data */
453 /* 64 bits cast: Worst case here is we may not decrypt the full CMS blob, if the blob is bigger than 4GB */
454 buflen = SecCmsCipherContextDecryptLength(cinfo->ciphcx, (unsigned int)len, final);
455
456 /*
457 * it might happen that we did not provide enough data for a full
458 * block (decryption unit), and that there is no output available
459 */
460
461 /* no output available, AND no input? */
462 if (buflen == 0 && len == 0)
463 goto loser; /* bail out */
464
465 /*
466 * have inner decoder: pass the data on (means inner content type is NOT data)
467 * no inner decoder: we have DATA in here: either call callback or store
468 */
469 if (buflen != 0) {
470 /* there will be some output - need to make room for it */
471 /* allocate buffer from the heap */
472 buf = (unsigned char *)PORT_Alloc(buflen);
473 if (buf == NULL) {
474 p7dcx->error = SEC_ERROR_NO_MEMORY;
475 goto loser;
476 }
477 }
478
479 /*
480 * decrypt incoming data
481 * buf can still be NULL here (and buflen == 0) here if we don't expect
482 * any output (see above), but we still need to call SecCmsCipherContextDecrypt to
483 * keep track of incoming data
484 */
485 rv = SecCmsCipherContextDecrypt(cinfo->ciphcx, buf, &outlen, buflen,
486 data, (unsigned int)len, final);
487 if (rv != SECSuccess) {
488 p7dcx->error = PORT_GetError();
489 goto loser;
490 }
491
492 //PORT_Assert (final || outlen == buflen);
493
494 /* swap decrypted data in */
495 data = buf;
496 len = outlen;
497 }
498
499 if (len == 0)
500 goto done; /* nothing more to do */
501
502 /*
503 * Update the running digests with plaintext bytes (if we need to).
504 */
505 if (cinfo->digcx)
506 SecCmsDigestContextUpdate(cinfo->digcx, data, len);
507
508 /* at this point, we have the plain decoded & decrypted data */
509 /* which is either more encoded DER which we need to hand to the child decoder */
510 /* or data we need to hand back to our caller */
511
512 /* pass the content back to our caller or */
513 /* feed our freshly decrypted and decoded data into child decoder */
514 if (p7dcx->cb != NULL) {
515 (*p7dcx->cb)(p7dcx->cb_arg, (const char *)data, len);
516 } else if (SecCmsContentInfoGetContentTypeTag(cinfo) == SEC_OID_PKCS7_DATA) {
517 /* store it in "inner" data item as well */
518 /* find the DATA item in the encapsulated cinfo and store it there */
519 storage = cinfo->content.data;
520
521 offset = storage->Length;
522
523 /* check for potential overflow */
524 if (len >= (size_t)(INT_MAX - storage->Length)) {
525 p7dcx->error = SEC_ERROR_NO_MEMORY;
526 goto loser;
527 }
528
529 if (storage->Length == 0) {
530 dest = (unsigned char *)PORT_ArenaAlloc(p7dcx->cmsg->poolp, len);
531 } else {
532 dest = (unsigned char *)PORT_ArenaGrow(p7dcx->cmsg->poolp,
533 storage->Data,
534 storage->Length,
535 storage->Length + len);
536 }
537 if (dest == NULL) {
538 p7dcx->error = SEC_ERROR_NO_MEMORY;
539 goto loser;
540 }
541
542 storage->Data = dest;
543 storage->Length += len;
544
545 /* copy it in */
546 if (data != NULL) {
547 PORT_Memcpy(storage->Data + offset, data, len);
548 }
549 }
550
551 done:
552 loser:
553 if (buf)
554 PORT_Free (buf);
555 }
556
557 /*
558 * nss_cms_decoder_update_filter - process ASN.1 data
559 *
560 * once we have set up a filter in nss_cms_decoder_notify(),
561 * all data processed by the ASN.1 decoder is also passed through here.
562 * we pass the content bytes (as opposed to length and tag bytes) on to
563 * nss_cms_decoder_work_data().
564 *
565 * len has to be of type size_t because it is a callback to the
566 * SEC_ASN1Decoder layer
567 */
568 static void
569 nss_cms_decoder_update_filter (void *arg, const char *data, size_t len,
570 int depth, SEC_ASN1EncodingPart data_kind)
571 {
572 SecCmsDecoderRef p7dcx;
573
574 PORT_Assert (len); /* paranoia */
575 if (len == 0)
576 return;
577
578 p7dcx = (SecCmsDecoderRef)arg;
579
580 p7dcx->saw_contents = PR_TRUE;
581
582 /* pass on the content bytes only */
583 if (data_kind == SEC_ASN1_Contents)
584 nss_cms_decoder_work_data(p7dcx, (const unsigned char *) data, len, PR_FALSE);
585 }
586
587 /*
588 * SecCmsDecoderCreate - set up decoding of a BER-encoded CMS message
589 */
590 OSStatus
591 SecCmsDecoderCreate(SecCmsContentCallback cb, void *cb_arg,
592 PK11PasswordFunc pwfn, void *pwfn_arg,
593 SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
594 SecCmsDecoderRef *outDecoder)
595 {
596 SecCmsDecoderRef p7dcx;
597 SecCmsMessageRef cmsg;
598 OSStatus result;
599
600 /* Clear the thread error to clean up dirty threads */
601 PORT_SetError(0);
602
603 cmsg = SecCmsMessageCreate();
604 if (cmsg == NULL)
605 goto loser;
606
607 SecCmsMessageSetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg);
608
609 p7dcx = (SecCmsDecoderRef)PORT_ZAlloc(sizeof(struct SecCmsDecoderStr));
610 if (p7dcx == NULL) {
611 SecCmsMessageDestroy(cmsg);
612 goto loser;
613 }
614
615 p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL, 0);
616 if (p7dcx->dcx == NULL) {
617 PORT_Free (p7dcx);
618 SecCmsMessageDestroy(cmsg);
619 goto loser;
620 }
621
622 SEC_ASN1DecoderSetNotifyProc (p7dcx->dcx, nss_cms_decoder_notify, p7dcx);
623
624 p7dcx->cmsg = cmsg;
625 p7dcx->type = SEC_OID_UNKNOWN;
626
627 p7dcx->cb = cb;
628 p7dcx->cb_arg = cb_arg;
629
630 *outDecoder = p7dcx;
631 return errSecSuccess;
632
633 loser:
634 result = PORT_GetError();
635 PORT_SetError(0); // Clean the thread error since we've returned the error
636 return result;
637 }
638
639 /*
640 * SecCmsDecoderUpdate - feed DER-encoded data to decoder
641 */
642 OSStatus
643 SecCmsDecoderUpdate(SecCmsDecoderRef p7dcx, const void *buf, CFIndex len)
644 {
645 if (!p7dcx) {
646 return errSecParam;
647 }
648
649 if (p7dcx->dcx != NULL && p7dcx->error == 0) { /* if error is set already, don't bother */
650 if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) {
651 p7dcx->error = PORT_GetError();
652 PORT_Assert (p7dcx->error);
653 if (p7dcx->error == 0)
654 p7dcx->error = -1;
655 }
656 }
657
658 if (p7dcx->error == 0)
659 return 0;
660
661 /* there has been a problem, let's finish the decoder */
662 if (p7dcx->dcx != NULL) {
663 /* @@@ Change this to SEC_ASN1DecoderAbort()? */
664 (void) SEC_ASN1DecoderFinish (p7dcx->dcx);
665 p7dcx->dcx = NULL;
666 }
667
668 PORT_SetError (0); // Clean the thread error since we've returned the error
669
670 return p7dcx->error;
671 }
672
673 /*
674 * SecCmsDecoderDestroy - stop decoding in case of error
675 */
676 void
677 SecCmsDecoderDestroy(SecCmsDecoderRef p7dcx)
678 {
679 /* SecCmsMessageDestroy frees inner decoders and digests. */
680 SecCmsMessageDestroy(p7dcx->cmsg);
681 p7dcx->cmsg = NULL;
682 if (p7dcx->dcx)
683 (void)SEC_ASN1DecoderFinish(p7dcx->dcx);
684 /* Clear out references */
685 p7dcx->cmsg = NULL;
686 p7dcx->dcx = NULL;
687 p7dcx->childp7dcx = NULL;
688 PORT_Free(p7dcx);
689 }
690
691 /*
692 * SecCmsDecoderFinish - mark the end of inner content and finish decoding
693 */
694 OSStatus
695 SecCmsDecoderFinish(SecCmsDecoderRef p7dcx, SecCmsMessageRef *outMessage)
696 {
697 SecCmsMessageRef cmsg;
698 OSStatus result;
699
700 cmsg = p7dcx->cmsg;
701
702 if (p7dcx->dcx == NULL || SEC_ASN1DecoderFinish(p7dcx->dcx) != SECSuccess ||
703 nss_cms_after_end(p7dcx) != SECSuccess)
704 {
705 if (p7dcx->cmsg) {
706 SecCmsMessageDestroy(cmsg);
707 }
708 result = PORT_GetError();
709 goto loser;
710 }
711
712 *outMessage = cmsg;
713 result = errSecSuccess;
714
715 loser:
716 /* Clear out references */
717 p7dcx->cmsg = NULL;
718 p7dcx->dcx = NULL;
719 p7dcx->childp7dcx = NULL;
720 PORT_Free(p7dcx);
721 PORT_SetError(0); // Clean the thread error since we've returned the error
722 return result;
723 }
724
725 OSStatus
726 SecCmsMessageDecode(const SecAsn1Item *encodedMessage,
727 SecCmsContentCallback cb, void *cb_arg,
728 PK11PasswordFunc pwfn, void *pwfn_arg,
729 SecCmsGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
730 SecCmsMessageRef *outMessage)
731 {
732 OSStatus result;
733 SecCmsDecoderRef decoder = NULL;
734
735 result = SecCmsDecoderCreate(cb, cb_arg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg, &decoder);
736 if (result)
737 goto loser;
738 result = SecCmsDecoderUpdate(decoder, encodedMessage->Data, encodedMessage->Length);
739 if (result) {
740 SecCmsDecoderDestroy(decoder);
741 goto loser;
742 }
743
744 result = SecCmsDecoderFinish(decoder, outMessage);
745 loser:
746 return result;
747 }
mirror of Security