RetroZilla/security/nss/lib/jar/jarsign.c
roytam1 44b7f056d9 cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20):
bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796
2018-07-14 21:22:32 +08:00

237 lines
5.3 KiB
C

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* JARSIGN
*
* Routines used in signing archives.
*/
#include "jar.h"
#include "jarint.h"
#include "secpkcs7.h"
#include "pk11func.h"
#include "sechash.h"
/* from libevent.h */
typedef void (*ETVoidPtrFunc) (void * data);
/* key database wrapper */
/* static SECKEYKeyDBHandle *jar_open_key_database (void); */
/* CHUNQ is our bite size */
#define CHUNQ 64000
#define FILECHUNQ 32768
/*
* J A R _ c a l c u l a t e _ d i g e s t
*
* Quick calculation of a digest for
* the specified block of memory. Will calculate
* for all supported algorithms, now MD5.
*
* This version supports huge pointers for WIN16.
*
*/
JAR_Digest * PR_CALLBACK
JAR_calculate_digest(void *data, long length)
{
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
JAR_Digest *dig = PORT_ZNew(JAR_Digest);
long chunq;
unsigned int md5_length, sha1_length;
if (dig == NULL) {
/* out of memory allocating digest */
return NULL;
}
md5 = PK11_CreateDigestContext(SEC_OID_MD5);
sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
if (length >= 0) {
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
do {
chunq = length;
PK11_DigestOp(md5, (unsigned char*)data, chunq);
PK11_DigestOp(sha1, (unsigned char*)data, chunq);
length -= chunq;
data = ((char *) data + chunq);
}
while (length > 0);
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
}
return dig;
}
/*
* J A R _ d i g e s t _ f i l e
*
* Calculates the MD5 and SHA1 digests for a file
* present on disk, and returns these in JAR_Digest struct.
*
*/
int
JAR_digest_file (char *filename, JAR_Digest *dig)
{
JAR_FILE fp;
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
unsigned char *buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ);
int num;
unsigned int md5_length, sha1_length;
if (buf == NULL) {
/* out of memory */
return JAR_ERR_MEMORY;
}
if ((fp = JAR_FOPEN (filename, "rb")) == 0) {
/* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
PORT_Free (buf);
return JAR_ERR_FNF;
}
md5 = PK11_CreateDigestContext (SEC_OID_MD5);
sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
if (md5 == NULL || sha1 == NULL) {
/* can't generate digest contexts */
PORT_Free (buf);
JAR_FCLOSE (fp);
return JAR_ERR_GENERAL;
}
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
while (1) {
if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0)
break;
PK11_DigestOp (md5, buf, num);
PK11_DigestOp (sha1, buf, num);
}
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
PORT_Free (buf);
JAR_FCLOSE (fp);
return 0;
}
/*
* J A R _ o p e n _ k e y _ d a t a b a s e
*
*/
void*
jar_open_key_database(void)
{
return NULL;
}
int
jar_close_key_database(void *keydb)
{
/* We never do close it */
return 0;
}
/*
* j a r _ c r e a t e _ p k 7
*
*/
static void jar_pk7_out (void *arg, const char *buf, unsigned long len)
{
JAR_FWRITE ((JAR_FILE) arg, buf, len);
}
int
jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
char *password, JAR_FILE infp, JAR_FILE outfp)
{
SEC_PKCS7ContentInfo *cinfo;
const SECHashObject *hashObj;
void *mw = NULL;
void *hashcx;
unsigned int len;
int status = 0;
SECStatus rv;
SECItem digest;
unsigned char digestdata[32];
unsigned char buffer[4096];
if (outfp == NULL || infp == NULL || cert == NULL)
return JAR_ERR_GENERAL;
/* we sign with SHA */
hashObj = HASH_GetHashObject(HASH_AlgSHA1);
hashcx = (* hashObj->create)();
if (hashcx == NULL)
return JAR_ERR_GENERAL;
(* hashObj->begin)(hashcx);
while (1) {
int nb = JAR_FREAD(infp, buffer, sizeof buffer);
if (nb == 0) { /* eof */
break;
}
(* hashObj->update) (hashcx, buffer, nb);
}
(* hashObj->end)(hashcx, digestdata, &len, 32);
(* hashObj->destroy)(hashcx, PR_TRUE);
digest.data = digestdata;
digest.len = len;
/* signtool must use any old context it can find since it's
calling from inside javaland. */
PORT_SetError (0);
cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL,
SEC_OID_SHA1, &digest, NULL, mw);
if (cinfo == NULL)
return JAR_ERR_PK7;
rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
if (rv != SECSuccess) {
status = PORT_GetError();
SEC_PKCS7DestroyContentInfo(cinfo);
return status;
}
/* Having this here forces signtool to always include signing time. */
rv = SEC_PKCS7AddSigningTime(cinfo);
/* don't check error */
PORT_SetError(0);
/* if calling from mozilla thread*/
rv = SEC_PKCS7Encode(cinfo, jar_pk7_out, outfp, NULL, NULL, mw);
if (rv != SECSuccess)
status = PORT_GetError();
SEC_PKCS7DestroyContentInfo (cinfo);
if (rv != SECSuccess) {
return ((status < 0) ? status : JAR_ERR_GENERAL);
}
return 0;
}