The Tor Browser: security/nss/lib/pkcs7/p7local.h@b8a032363ba2 (annotated)

security/nss/lib/pkcs7/p7local.h@b8a032363ba2 (annotated)

security/nss/lib/pkcs7/p7local.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * Support routines for PKCS7 implementation, none of which are exported.
  * This file should only contain things that are needed by both the
  * encoding/creation side *and* the decoding/decryption side.  Anything
  * else should just be static routines in the appropriate file.
  *
  * Do not export this file!  If something in here is really needed outside
  * of pkcs7 code, first try to add a PKCS7 interface which will do it for
  * you.  If that has a problem, then just move out what you need, changing
  * its name as appropriate!
  */
 #ifndef _P7LOCAL_H_
 #define _P7LOCAL_H_
 #include "secpkcs7.h"
 #include "secasn1t.h"
 extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
 /* opaque objects */
 typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;
 /************************************************************************/
 SEC_BEGIN_PROTOS
 /*
  * Look through a set of attributes and find one that matches the
  * specified object ID.  If "only" is true, then make sure that
  * there is not more than one attribute of the same type.  Otherwise,
  * just return the first one found. (XXX Does anybody really want
  * that first-found behavior?  It was like that when I found it...)
  */
 extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs,
 						   SECOidTag oidtag,
 						   PRBool only);
 /*
  * Return the single attribute value, doing some sanity checking first:
  * - Multiple values are *not* expected.
  * - Empty values are *not* expected.
  */
 extern SECItem *sec_PKCS7AttributeValue (SEC_PKCS7Attribute *attr);
 /*
  * Encode a set of attributes (found in "src").
  */
 extern SECItem *sec_PKCS7EncodeAttributes (PLArenaPool *poolp,
 					   SECItem *dest, void *src);
 /*
  * Make sure that the order of the attributes guarantees valid DER
  * (which must be in lexigraphically ascending order for a SET OF);
  * if reordering is necessary it will be done in place (in attrs).
  */
 extern SECStatus sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs);
 /*
  * Create a context for decrypting, based on the given key and algorithm.
  */
 extern sec_PKCS7CipherObject *
 sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid);
 /*
  * Create a context for encrypting, based on the given key and algorithm,
  * and fill in the algorithm id.
  */
 extern sec_PKCS7CipherObject *
 sec_PKCS7CreateEncryptObject (PLArenaPool *poolp, PK11SymKey *key,
 			      SECOidTag algtag, SECAlgorithmID *algid);
 /*
  * Destroy the given decryption or encryption object.
  */
 extern void sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj);
 extern void sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj);
 /*
  * What will be the output length of the next call to encrypt/decrypt?
  * Result can be used to perform memory allocations.  Note that the amount
  * is exactly accurate only when not doing a block cipher or when final
  * is false, otherwise it is an upper bound on the amount because until
  * we see the data we do not know how many padding bytes there are
  * (always between 1 and the cipher block size).
  *
  * Note that this can return zero, which does not mean that the cipher
  * operation can be skipped!  (It simply means that there are not enough
  * bytes to make up an entire block; the bytes will be reserved until
  * there are enough to encrypt/decrypt at least one block.)  However,
  * if zero is returned it *does* mean that no output buffer need be
  * passed in to the subsequent cipher operation, as no output bytes
  * will be stored.
  */
 extern unsigned int sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj,
 					    unsigned int input_len,
 					    PRBool final);
 extern unsigned int sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj,
 					    unsigned int input_len,
 					    PRBool final);
 /*
  * Decrypt a given length of input buffer (starting at "input" and
  * containing "input_len" bytes), placing the decrypted bytes in
  * "output" and storing the output length in "*output_len_p".
  * "obj" is the return value from sec_PKCS7CreateDecryptObject.
  * When "final" is true, this is the last of the data to be decrypted.
  */
 extern SECStatus sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj,
 				   unsigned char *output,
 				   unsigned int *output_len_p,
 				   unsigned int max_output_len,
 				   const unsigned char *input,
 				   unsigned int input_len,
 				   PRBool final);
 /*
  * Encrypt a given length of input buffer (starting at "input" and
  * containing "input_len" bytes), placing the encrypted bytes in
  * "output" and storing the output length in "*output_len_p".
  * "obj" is the return value from sec_PKCS7CreateEncryptObject.
  * When "final" is true, this is the last of the data to be encrypted.
  */
 extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj,
 				   unsigned char *output,
 				   unsigned int *output_len_p,
 				   unsigned int max_output_len,
 				   const unsigned char *input,
 				   unsigned int input_len,
 				   PRBool final);
 /************************************************************************/
 SEC_END_PROTOS
 #endif /* _P7LOCAL_H_ */

The Tor Browser / annotate

security/nss/lib/pkcs7/p7local.h@b8a032363ba2 (annotated)

security/nss/lib/pkcs7/p7local.h