evolution-data-server r10132 - trunk/camel

[mbarnes svn gnome org]

Author: mbarnes
Date: Wed Mar  4 20:34:51 2009
New Revision: 10132
URL: http://svn.gnome.org/viewvc/evolution-data-server?rev=10132&view=rev

Log:
2009-03-04  Matthew Barnes  <mbarnes redhat com>

	** Re-fixes bug #564465  (Patch by Milan Crha)

	* camel/camel-smime-context.c (sm_verify_cmsg):
	Accept signed messages that don't list the digest algorithms.



Modified:
   trunk/camel/ChangeLog
   trunk/camel/camel-smime-context.c

Modified: trunk/camel/camel-smime-context.c
==============================================================================
--- trunk/camel/camel-smime-context.c	(original)
+++ trunk/camel/camel-smime-context.c	Wed Mar  4 20:34:51 2009
@@ -744,6 +744,7 @@
 	for (i = 0; i < count; i++) {
 		NSSCMSContentInfo *cinfo = NSS_CMSMessage_ContentLevel(cmsg, i);
 		SECOidTag typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+		int which_digest;
 
 		switch (typetag) {
 		case SEC_OID_PKCS7_SIGNED_DATA:
@@ -753,57 +754,49 @@
 				goto fail;
 			}
 
-			/* need to build digests of the content */
-			if (!NSS_CMSSignedData_HasDigests(sigd)) {
-				camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
+			if (extstream == NULL) {
+				set_nss_error (ex, _("Digests missing from enveloped data"));
 				goto fail;
-			} else {
-				int which_digest;
+			}
 
-				if (extstream == NULL) {
-					set_nss_error (ex, _("Digests missing from enveloped data"));
-					goto fail;
-				}
+			if ((poolp = PORT_NewArena(1024)) == NULL) {
+				set_nss_error (ex, g_strerror (ENOMEM));
+				goto fail;
+			}
 
-				if ((poolp = PORT_NewArena(1024)) == NULL) {
-					set_nss_error (ex, g_strerror (ENOMEM));
-					goto fail;
-				}
+			digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
+			
+			digcx = NSS_CMSDigestContext_StartMultiple(digestalgs);
+			if (digcx == NULL) {
+				set_nss_error (ex, _("Cannot calculate digests"));
+				goto fail;
+			}
 
-				digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
-				
-				digcx = NSS_CMSDigestContext_StartMultiple(digestalgs);
-				if (digcx == NULL) {
-					set_nss_error (ex, _("Cannot calculate digests"));
-					goto fail;
-				}
+			mem = (CamelStreamMem *)camel_stream_mem_new();
+			camel_stream_write_to_stream(extstream, (CamelStream *)mem);
+			NSS_CMSDigestContext_Update(digcx, mem->buffer->data, mem->buffer->len);
+			camel_object_unref(mem);
 
-				mem = (CamelStreamMem *)camel_stream_mem_new();
-				camel_stream_write_to_stream(extstream, (CamelStream *)mem);
-				NSS_CMSDigestContext_Update(digcx, mem->buffer->data, mem->buffer->len);
-				camel_object_unref(mem);
+			if (NSS_CMSDigestContext_FinishMultiple(digcx, poolp, &digests) != SECSuccess) {
+				set_nss_error (ex, _("Cannot calculate digests"));
+				goto fail;
+			}
 
-				if (NSS_CMSDigestContext_FinishMultiple(digcx, poolp, &digests) != SECSuccess) {
-					set_nss_error (ex, _("Cannot calculate digests"));
+			for (which_digest = 0; digests[which_digest] != NULL; which_digest++) {
+				SECOidData *digest_alg = SECOID_FindOID (&digestalgs[which_digest]->algorithm);
+				if (digest_alg == NULL) {
+					set_nss_error (ex, _("Cannot set message digests"));
 					goto fail;
 				}
-
-				for (which_digest = 0; digests[which_digest] != NULL; which_digest++) {
-					SECOidData *digest_alg = SECOID_FindOID (&digestalgs[which_digest]->algorithm);
-					if (digest_alg == NULL) {
-						set_nss_error (ex, _("Cannot set message digests"));
-						goto fail;
-					}
-					if (NSS_CMSSignedData_SetDigestValue (sigd, digest_alg->offset, digests[which_digest]) != SECSuccess) {
-						set_nss_error (ex, _("Cannot set message digests"));
-						goto fail;
-					}
+				if (NSS_CMSSignedData_SetDigestValue (sigd, digest_alg->offset, digests[which_digest]) != SECSuccess) {
+					set_nss_error (ex, _("Cannot set message digests"));
+					goto fail;
 				}
-
-				PORT_FreeArena(poolp, PR_FALSE);
-				poolp = NULL;
 			}
 
+			PORT_FreeArena(poolp, PR_FALSE);
+			poolp = NULL;
+
 			/* import all certificates present */
 			if (NSS_CMSSignedData_ImportCerts(sigd, p->certdb, certUsageEmailSigner, PR_TRUE) != SECSuccess) {
 				set_nss_error (ex, _("Certificate import failed"));