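--- a/p7create.c
+++ b/p7create.c
@@ -1,10 +1,10 @@
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ -30,35 +30,37 @@
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
 
 /*
 * PKCS7 creation.
 *
-* $Id: p7create.c,v 1.9 2008/02/03 06:08:48 nelson%bolyard.com Exp $
+* $Id: p7create.c,v 1.10 2012/03/19 22:16:34 kaie%kuix.de Exp $
 */
 
 #include "p7local.h"
 
 #include "cert.h"
 #include "secasn1.h"
 #include "secitem.h"
 #include "secoid.h"
 #include "pk11func.h"
 #include "prtime.h"
 #include "secerr.h"
 #include "secder.h"
 #include "secpkcs5.h"
 
+const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */
+
 static SECStatus
 sec_pkcs7_init_content_info (SEC_PKCS7ContentInfo *cinfo, PRArenaPool *poolp,
 SECOidTag kind, PRBool detached)
 {
 void *thing;
 int version;
 SECItem *versionp;
 SECStatus rv;
 
 PORT_Assert (cinfo != NULL && poolp != NULL);
@@ -1286,36 +1288,38 @@
 rv = SECOID_SetAlgorithmID (cinfo->poolp, algid, algorithm, NULL);
 } else {
 /* Assume password-based-encryption.
 * Note: we can't generate pkcs5v2 from this interface.
 * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
 * non-PBE oids and assuming that they are pkcs5v2 oids, but
 * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
 * CMS encrypted data, so we can't tell SEC_PKCS7CreateEncryptedtedData
 * to create pkcs5v2 PBEs */
 SECAlgorithmID *pbe_algid;
-» pbe_algid = PK11_CreatePBEAlgorithmID (algorithm, 1, NULL);
+» pbe_algid = PK11_CreatePBEAlgorithmID(algorithm,
+NSS_PBE_DEFAULT_ITERATION_COUNT,
+NULL);
 if (pbe_algid == NULL) {
 rv = SECFailure;
 } else {
 rv = SECOID_CopyAlgorithmID (cinfo->poolp, algid, pbe_algid);
 SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
 }
 }
 
 if (rv != SECSuccess) {
 SEC_PKCS7DestroyContentInfo (cinfo);
 return NULL;
 }
 
 rv = sec_pkcs7_init_encrypted_content_info (&(enc_data->encContentInfo),
 cinfo->poolp,
 SEC_OID_PKCS7_DATA, PR_FALSE,
 algorithm, keysize);
 if (rv != SECSuccess) {
 SEC_PKCS7DestroyContentInfo (cinfo);
 return NULL;
 }
 
 return cinfo;
 }
 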
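Review bot: `NSS_PBE_DEFAULT_ITERATION_COUNT` at new line 55 is a non-static `const int` defined in a .c file, and its comment says p12e.c uses it too, but no shared declaration is visible in this section, so each user would need its own `extern const int` line that can drift from the definition. Declaring it once in a header that both files include would keep them in step; p7local.h is included here, though whether p12e.c sees it is not shown. The definition also deserves a comment stating what the value protects, for example `/* PBE iteration count stored in the AlgorithmID; sets the per-guess cost of a password search (was 1) */`, because 2000 is a fixed work factor with no caller override and will need revisiting as hardware gets faster. The function containing the call at new lines 1298-1300 begins outside the visible lines, so other callers of `PK11_CreatePBEAlgorithmID` with a literal count could not be checked here.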