OSX/libsecurity_smime/lib/cmsdigest.c

   1 /*
   2  * The contents of this file are subject to the Mozilla Public
   3  * License Version 1.1 (the "License"); you may not use this file
   4  * except in compliance with the License. You may obtain a copy of
   5  * the License at http://www.mozilla.org/MPL/
   6  *
   7  * Software distributed under the License is distributed on an "AS
   8  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
   9  * implied. See the License for the specific language governing
  10  * rights and limitations under the License.
  11  *
  12  * The Original Code is the Netscape security libraries.
  13  *
  14  * The Initial Developer of the Original Code is Netscape
  15  * Communications Corporation.  Portions created by Netscape are
  16  * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
  17  * Rights Reserved.
  18  *
  19  * Contributor(s):
  20  *
  21  * Alternatively, the contents of this file may be used under the
  22  * terms of the GNU General Public License Version 2 or later (the
  23  * "GPL"), in which case the provisions of the GPL are applicable
  24  * instead of those above.  If you wish to allow use of your
  25  * version of this file only under the terms of the GPL and not to
  26  * allow others to use your version of this file under the MPL,
  27  * indicate your decision by deleting the provisions above and
  28  * replace them with the notice and other provisions required by
  29  * the GPL.  If you do not delete the provisions above, a recipient
  30  * may use your version of this file under either the MPL or the
  31  * GPL.
  32  */
  33
  34 /*
  35  * CMS digesting.
  36  */
  37
  38 #include "cmslocal.h"
  39
  40 #include "secitem.h"
  41 #include "secoid.h"
  42
  43 #include <security_asn1/secerr.h>
  44 #include <Security/cssmapi.h>
  45
  46 #include <Security/SecCmsDigestContext.h>
  47
  48 /* Return the maximum value between S and T */
  49 #define MAX(S, T) ({__typeof__(S) _max_s = S; __typeof__(T) _max_t = T; _max_s > _max_t ? _max_s : _max_t;})
  50
  51 struct SecCmsDigestContextStr {
  52     Boolean             saw_contents;
  53     int                 digcnt;
  54     CSSM_CC_HANDLE *    digobjs;
  55 };
  56
  57 /*
  58  * SecCmsDigestContextStartMultiple - start digest calculation using all the
  59  *  digest algorithms in "digestalgs" in parallel.
  60  */
  61 SecCmsDigestContextRef
  62 SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs)
  63 {
  64     SecCmsDigestContextRef cmsdigcx;
  65     CSSM_CC_HANDLE digobj;
  66     int digcnt;
  67     int i;
  68
  69     digcnt = (digestalgs == NULL) ? 0 : SecCmsArrayCount((void **)digestalgs);
  70
  71     cmsdigcx = (SecCmsDigestContextRef)PORT_ZAlloc(sizeof(struct SecCmsDigestContextStr));
  72     if (cmsdigcx == NULL)
  73         return NULL;
  74
  75     if (digcnt > 0) {
  76         /* Security check to prevent under-allocation */
  77         if (digcnt >= (int)(INT_MAX/sizeof(CSSM_CC_HANDLE))) {
  78             goto loser;
  79         }
  80         cmsdigcx->digobjs = (CSSM_CC_HANDLE *)PORT_ZAlloc(digcnt * sizeof(CSSM_CC_HANDLE));
  81         if (cmsdigcx->digobjs == NULL)
  82             goto loser;
  83     }
  84
  85     cmsdigcx->digcnt = 0;
  86
  87     /*
  88      * Create a digest object context for each algorithm.
  89      */
  90     for (i = 0; i < digcnt; i++) {
  91         digobj = SecCmsUtilGetHashObjByAlgID(digestalgs[i]);
  92         /*
  93          * Skip any algorithm we do not even recognize; obviously,
  94          * this could be a problem, but if it is critical then the
  95          * result will just be that the signature does not verify.
  96          * We do not necessarily want to error out here, because
  97          * the particular algorithm may not actually be important,
  98          * but we cannot know that until later.
  99          */
 100         if (digobj)
 101         {
 102             CSSM_RETURN result;
 103             result = CSSM_DigestDataInit(digobj);
 104             if (result != CSSM_OK)
 105             {
 106                 goto loser;
 107             }
 108         }
 109
 110         cmsdigcx->digobjs[cmsdigcx->digcnt] = digobj;
 111         cmsdigcx->digcnt++;
 112     }
 113
 114     cmsdigcx->saw_contents = PR_FALSE;
 115
 116     return cmsdigcx;
 117
 118 loser:
 119     if (cmsdigcx) {
 120         if (cmsdigcx->digobjs) {
 121             PORT_Free(cmsdigcx->digobjs);
 122             cmsdigcx->digobjs = NULL;
 123             cmsdigcx->digcnt = 0;
 124         }
 125     }
 126     return NULL;
 127 }
 128
 129 /*
 130  * SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
 131  *  only one algorithm.
 132  */
 133 SecCmsDigestContextRef
 134 SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg)
 135 {
 136     SECAlgorithmID *digestalgs[] = { NULL, NULL };              /* fake array */
 137
 138     digestalgs[0] = digestalg;
 139     return SecCmsDigestContextStartMultiple(digestalgs);
 140 }
 141
 142 /*
 143  * SecCmsDigestContextUpdate - feed more data into the digest machine
 144  */
 145 void
 146 SecCmsDigestContextUpdate(SecCmsDigestContextRef cmsdigcx, const unsigned char *data, size_t len)
 147 {
 148     CSSM_DATA dataBuf;
 149     int i;
 150
 151     dataBuf.Length = len;
 152     dataBuf.Data = (uint8 *)data;
 153     cmsdigcx->saw_contents = PR_TRUE;
 154     for (i = 0; i < cmsdigcx->digcnt; i++)
 155         if (cmsdigcx->digobjs && cmsdigcx->digobjs[i])
 156             CSSM_DigestDataUpdate(cmsdigcx->digobjs[i], &dataBuf, 1);
 157 }
 158
 159 /*
 160  * SecCmsDigestContextCancel - cancel digesting operation
 161  */
 162 void
 163 SecCmsDigestContextCancel(SecCmsDigestContextRef cmsdigcx)
 164 {
 165     int i;
 166
 167     for (i = 0; i < cmsdigcx->digcnt; i++)
 168         if (cmsdigcx->digobjs && cmsdigcx->digobjs[i]) {
 169             CSSM_DeleteContext(cmsdigcx->digobjs[i]);
 170             cmsdigcx->digobjs[i] = 0;
 171         }
 172 }
 173
 174 /*
 175  * SecCmsDigestContextFinishMultiple - finish the digests and put them
 176  *  into an array of CSSM_DATAs (allocated on poolp)
 177  */
 178 OSStatus
 179 SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx, SecArenaPoolRef poolp,
 180                             CSSM_DATA_PTR **digestsp)
 181 {
 182     CSSM_CC_HANDLE digobj;
 183     CSSM_DATA_PTR *digests, digest;
 184     int i;
 185     void *mark;
 186     OSStatus rv = SECFailure;
 187
 188     /* no contents? do not update digests */
 189     if (digestsp == NULL || !cmsdigcx->saw_contents) {
 190         for (i = 0; i < cmsdigcx->digcnt; i++)
 191             if (cmsdigcx->digobjs && cmsdigcx->digobjs[i]) {
 192                 CSSM_DeleteContext(cmsdigcx->digobjs[i]);
 193                 cmsdigcx->digobjs[i] = 0;
 194             }
 195         rv = SECSuccess;
 196         if (digestsp)
 197             *digestsp = NULL;
 198         goto cleanup;
 199     }
 200
 201     mark = PORT_ArenaMark ((PLArenaPool *)poolp);
 202
 203     /* Security check to prevent under-allocation */
 204     if (cmsdigcx->digcnt >= (int)((INT_MAX/(MAX(sizeof(CSSM_DATA_PTR),sizeof(CSSM_DATA))))-1)) {
 205         goto loser;
 206     }
 207     /* allocate digest array & CSSM_DATAs on arena */
 208     digests = (CSSM_DATA_PTR *)PORT_ArenaAlloc((PLArenaPool *)poolp, (cmsdigcx->digcnt+1) * sizeof(CSSM_DATA_PTR));
 209     digest = (CSSM_DATA_PTR)PORT_ArenaZAlloc((PLArenaPool *)poolp, cmsdigcx->digcnt * sizeof(CSSM_DATA));
 210     if (digests == NULL || digest == NULL) {
 211         goto loser;
 212     }
 213
 214     for (i = 0; i < cmsdigcx->digcnt; i++, digest++) {
 215         if (cmsdigcx->digobjs) {
 216             digobj = cmsdigcx->digobjs[i];
 217         } else {
 218             digobj = 0;
 219         }
 220
 221         CSSM_QUERY_SIZE_DATA dataSize;
 222         rv = CSSM_QuerySize(digobj, CSSM_FALSE, 1, &dataSize);
 223         if (rv != CSSM_OK)
 224         {
 225             goto loser;
 226         }
 227
 228         int diglength = dataSize.SizeOutputBlock;
 229
 230         if (digobj)
 231         {
 232             digest->Data = (unsigned char*)PORT_ArenaAlloc((PLArenaPool *)poolp, diglength);
 233             if (digest->Data == NULL)
 234                 goto loser;
 235             digest->Length = diglength;
 236             rv = CSSM_DigestDataFinal(digobj, digest);
 237             if (rv != CSSM_OK)
 238             {
 239                 goto loser;
 240             }
 241
 242             CSSM_DeleteContext(digobj);
 243             cmsdigcx->digobjs[i] = 0;
 244         }
 245         else
 246         {
 247             digest->Data = NULL;
 248             digest->Length = 0;
 249         }
 250
 251         digests[i] = digest;
 252    }
 253     digests[i] = NULL;
 254     *digestsp = digests;
 255
 256     rv = SECSuccess;
 257
 258 loser:
 259     if (rv == SECSuccess)
 260         PORT_ArenaUnmark((PLArenaPool *)poolp, mark);
 261     else
 262         PORT_ArenaRelease((PLArenaPool *)poolp, mark);
 263
 264 cleanup:
 265     if (cmsdigcx->digcnt > 0) {
 266         PORT_Free(cmsdigcx->digobjs);
 267         cmsdigcx->digobjs = NULL;
 268         cmsdigcx->digcnt = 0;
 269     }
 270     PORT_Free(cmsdigcx);
 271
 272     return rv;
 273 }
 274
 275 /*
 276  * SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
 277  *  but for one digest.
 278  */
 279 OSStatus
 280 SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx, SecArenaPoolRef poolp,
 281                             CSSM_DATA_PTR digest)
 282 {
 283     OSStatus rv = SECFailure;
 284     CSSM_DATA_PTR *dp;
 285     PLArenaPool *arena = NULL;
 286
 287     if ((arena = PORT_NewArena(1024)) == NULL)
 288         goto loser;
 289
 290     /* get the digests into arena, then copy the first digest into poolp */
 291     if (SecCmsDigestContextFinishMultiple(cmsdigcx, (SecArenaPoolRef)arena, &dp) != SECSuccess)
 292         goto loser;
 293
 294     /* now copy it into poolp */
 295     if (SECITEM_CopyItem((PLArenaPool *)poolp, digest, dp[0]) != SECSuccess)
 296         goto loser;
 297
 298     rv = SECSuccess;
 299
 300 loser:
 301     if (arena)
 302         PORT_FreeArena(arena, PR_FALSE);
 303
 304     return rv;
 305 }