The Tor Browser: security/nss/lib/smime/cmscipher.c@b8a032363ba2 (annotated)

security/nss/lib/smime/cmscipher.c@b8a032363ba2 (annotated)

security/nss/lib/smime/cmscipher.c

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * Encryption/decryption routines for CMS implementation, none of which are exported.
  */
 #include "cmslocal.h"
 #include "secoid.h"
 #include "secitem.h"
 #include "pk11func.h"
 #include "secerr.h"
 #include "secpkcs5.h"
 /*
  * -------------------------------------------------------------------
  * Cipher stuff.
  */
 typedef SECStatus (*nss_cms_cipher_function) (void *, unsigned char *, unsigned int *,
 					unsigned int, const unsigned char *, unsigned int);
 typedef SECStatus (*nss_cms_cipher_destroy) (void *, PRBool);
 #define BLOCK_SIZE 4096
 struct NSSCMSCipherContextStr {
     void *		cx;			/* PK11 cipher context */
     nss_cms_cipher_function doit;
     nss_cms_cipher_destroy destroy;
     PRBool		encrypt;		/* encrypt / decrypt switch */
     int			block_size;		/* block & pad sizes for cipher */
     int			pad_size;
     int			pending_count;		/* pending data (not yet en/decrypted */
     unsigned char	pending_buf[BLOCK_SIZE];/* because of blocking */
 };
 /*
  * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
  * based on the given bulk encryption key and algorithm identifier (which
  * may include an iv).
  *
  * XXX Once both are working, it might be nice to combine this and the
  * function below (for starting up encryption) into one routine, and just
  * have two simple cover functions which call it.
  */
 NSSCMSCipherContext *
 NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid)
 {
     NSSCMSCipherContext *cc;
     void *ciphercx;
     CK_MECHANISM_TYPE cryptoMechType;
     PK11SlotInfo *slot;
     SECOidTag algtag;
     SECItem *param = NULL;
     algtag = SECOID_GetAlgorithmTag(algid);
     /* set param and mechanism */
     if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
 	SECItem *pwitem;
 	pwitem = PK11_GetSymKeyUserData(key);
 	if (!pwitem)
 	    return NULL;
 	cryptoMechType = PK11_GetPBECryptoMechanism(algid, &param, pwitem);
 	if (cryptoMechType == CKM_INVALID_MECHANISM) {
 	    SECITEM_FreeItem(param,PR_TRUE);
 	    return NULL;
 	}
     } else {
 	cryptoMechType = PK11_AlgtagToMechanism(algtag);
 	if ((param = PK11_ParamFromAlgid(algid)) == NULL)
 	    return NULL;
     }
     cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
     if (cc == NULL) {
 	SECITEM_FreeItem(param,PR_TRUE);
 	return NULL;
     }
     /* figure out pad and block sizes */
     cc->pad_size = PK11_GetBlockSize(cryptoMechType, param);
     slot = PK11_GetSlotFromKey(key);
     cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
     PK11_FreeSlot(slot);
     /* create PK11 cipher context */
     ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
 					  key, param);
     SECITEM_FreeItem(param, PR_TRUE);
     if (ciphercx == NULL) {
 	PORT_Free (cc);
 	return NULL;
     }
     cc->cx = ciphercx;
     cc->doit =  (nss_cms_cipher_function) PK11_CipherOp;
     cc->destroy = (nss_cms_cipher_destroy) PK11_DestroyContext;
     cc->encrypt = PR_FALSE;
     cc->pending_count = 0;
     return cc;
 }
 /*
  * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
  * based on the given bulk encryption key and algorithm tag.  Fill in the
  * algorithm identifier (which may include an iv) appropriately.
  *
  * XXX Once both are working, it might be nice to combine this and the
  * function above (for starting up decryption) into one routine, and just
  * have two simple cover functions which call it.
  */
 NSSCMSCipherContext *
 NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid)
 {
     NSSCMSCipherContext *cc;
     void *ciphercx;
     SECStatus rv;
     CK_MECHANISM_TYPE cryptoMechType;
     PK11SlotInfo *slot;
     SECItem *param = NULL;
     PRBool needToEncodeAlgid = PR_FALSE;
     SECOidTag algtag = SECOID_GetAlgorithmTag(algid);
     /* set param and mechanism */
     if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
 	SECItem *pwitem;
 	pwitem = PK11_GetSymKeyUserData(key);
 	if (!pwitem)
 	    return NULL;
 	cryptoMechType = PK11_GetPBECryptoMechanism(algid, &param, pwitem);
 	if (cryptoMechType == CKM_INVALID_MECHANISM) {
 	    SECITEM_FreeItem(param,PR_TRUE);
 	    return NULL;
 	}
     } else {
 	cryptoMechType = PK11_AlgtagToMechanism(algtag);
 	if ((param = PK11_GenerateNewParam(cryptoMechType, key)) == NULL)
 	    return NULL;
 	needToEncodeAlgid = PR_TRUE;
     }
     cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
     if (cc == NULL) {
 	goto loser;
     }
     /* now find pad and block sizes for our mechanism */
     cc->pad_size = PK11_GetBlockSize(cryptoMechType, param);
     slot = PK11_GetSlotFromKey(key);
     cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
     PK11_FreeSlot(slot);
     /* and here we go, creating a PK11 cipher context */
     ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
 					  key, param);
     if (ciphercx == NULL) {
 	PORT_Free(cc);
 	cc = NULL;
 	goto loser;
     }
     /*
      * These are placed after the CreateContextBySymKey() because some
      * mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
      * Don't move it from here.
      * XXX is that right? the purpose of this is to get the correct algid
      *     containing the IVs etc. for encoding. this means we need to set this up
      *     BEFORE encoding the algid in the contentInfo, right?
      */
     if (needToEncodeAlgid) {
 	rv = PK11_ParamToAlgid(algtag, param, poolp, algid);
 	if(rv != SECSuccess) {
 	    PORT_Free(cc);
 	    cc = NULL;
 	    goto loser;
 	}
     }
     cc->cx = ciphercx;
     cc->doit = (nss_cms_cipher_function)PK11_CipherOp;
     cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext;
     cc->encrypt = PR_TRUE;
     cc->pending_count = 0;
 loser:
     SECITEM_FreeItem(param, PR_TRUE);
     return cc;
 }
 void
 NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc)
 {
     PORT_Assert(cc != NULL);
     if (cc == NULL)
 	return;
     (*cc->destroy)(cc->cx, PR_TRUE);
     PORT_Free(cc);
 }
 /*
  * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
  *
  * cc - the cipher context
  * input_len - number of bytes used as input
  * final - true if this is the final chunk of data
  *
  * Result can be used to perform memory allocations.  Note that the amount
  * is exactly accurate only when not doing a block cipher or when final
  * is false, otherwise it is an upper bound on the amount because until
  * we see the data we do not know how many padding bytes there are
  * (always between 1 and bsize).
  *
  * Note that this can return zero, which does not mean that the decrypt
  * operation can be skipped!  (It simply means that there are not enough
  * bytes to make up an entire block; the bytes will be reserved until
  * there are enough to encrypt/decrypt at least one block.)  However,
  * if zero is returned it *does* mean that no output buffer need be
  * passed in to the subsequent decrypt operation, as no output bytes
  * will be stored.
  */
 unsigned int
 NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final)
 {
     int blocks, block_size;
     PORT_Assert (! cc->encrypt);
     block_size = cc->block_size;
     /*
      * If this is not a block cipher, then we always have the same
      * number of output bytes as we had input bytes.
      */
     if (block_size == 0)
 	return input_len;
     /*
      * On the final call, we will always use up all of the pending
      * bytes plus all of the input bytes, *but*, there will be padding
      * at the end and we cannot predict how many bytes of padding we
      * will end up removing.  The amount given here is actually known
      * to be at least 1 byte too long (because we know we will have
      * at least 1 byte of padding), but seemed clearer/better to me.
      */
     if (final)
 	return cc->pending_count + input_len;
     /*
      * Okay, this amount is exactly what we will output on the
      * next cipher operation.  We will always hang onto the last
      * 1 - block_size bytes for non-final operations.  That is,
      * we will do as many complete blocks as we can *except* the
      * last block (complete or partial).  (This is because until
      * we know we are at the end, we cannot know when to interpret
      * and removing the padding byte(s), which are guaranteed to
      * be there.)
      */
     blocks = (cc->pending_count + input_len - 1) / block_size;
     return blocks * block_size;
 }
 /*
  * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
  *
  * cc - the cipher context
  * input_len - number of bytes used as input
  * final - true if this is the final chunk of data
  *
  * Result can be used to perform memory allocations.
  *
  * Note that this can return zero, which does not mean that the encrypt
  * operation can be skipped!  (It simply means that there are not enough
  * bytes to make up an entire block; the bytes will be reserved until
  * there are enough to encrypt/decrypt at least one block.)  However,
  * if zero is returned it *does* mean that no output buffer need be
  * passed in to the subsequent encrypt operation, as no output bytes
  * will be stored.
  */
 unsigned int
 NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final)
 {
     int blocks, block_size;
     int pad_size;
     PORT_Assert (cc->encrypt);
     block_size = cc->block_size;
     pad_size = cc->pad_size;
     /*
      * If this is not a block cipher, then we always have the same
      * number of output bytes as we had input bytes.
      */
     if (block_size == 0)
 	return input_len;
     /*
      * On the final call, we only send out what we need for
      * remaining bytes plus the padding.  (There is always padding,
      * so even if we have an exact number of blocks as input, we
      * will add another full block that is just padding.)
      */
     if (final) {
 	if (pad_size == 0) {
     	    return cc->pending_count + input_len;
 	} else {
     	    blocks = (cc->pending_count + input_len) / pad_size;
 	    blocks++;
 	    return blocks*pad_size;
 	}
     }
     /*
      * Now, count the number of complete blocks of data we have.
      */
     blocks = (cc->pending_count + input_len) / block_size;
     return blocks * block_size;
 }
 /*
  * NSS_CMSCipherContext_Decrypt - do the decryption
  *
  * cc - the cipher context
  * output - buffer for decrypted result bytes
  * output_len_p - number of bytes in output
  * max_output_len - upper bound on bytes to put into output
  * input - pointer to input bytes
  * input_len - number of input bytes
  * final - true if this is the final chunk of data
  *
  * Decrypts a given length of input buffer (starting at "input" and
  * containing "input_len" bytes), placing the decrypted bytes in
  * "output" and storing the output length in "*output_len_p".
  * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
  * When "final" is true, this is the last of the data to be decrypted.
  *
  * This is much more complicated than it sounds when the cipher is
  * a block-type, meaning that the decryption function will only
  * operate on whole blocks.  But our caller is operating stream-wise,
  * and can pass in any number of bytes.  So we need to keep track
  * of block boundaries.  We save excess bytes between calls in "cc".
  * We also need to determine which bytes are padding, and remove
  * them from the output.  We can only do this step when we know we
  * have the final block of data.  PKCS #7 specifies that the padding
  * used for a block cipher is a string of bytes, each of whose value is
  * the same as the length of the padding, and that all data is padded.
  * (Even data that starts out with an exact multiple of blocks gets
  * added to it another block, all of which is padding.)
  */
 SECStatus
 NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
 		  unsigned int *output_len_p, unsigned int max_output_len,
 		  const unsigned char *input, unsigned int input_len,
 		  PRBool final)
 {
     int blocks, bsize, pcount, padsize;
     unsigned int max_needed, ifraglen, ofraglen, output_len;
     unsigned char *pbuf;
     SECStatus rv;
     PORT_Assert (! cc->encrypt);
     /*
      * Check that we have enough room for the output.  Our caller should
      * already handle this; failure is really an internal error (i.e. bug).
      */
     max_needed = NSS_CMSCipherContext_DecryptLength(cc, input_len, final);
     PORT_Assert (max_output_len >= max_needed);
     if (max_output_len < max_needed) {
 	/* PORT_SetError (XXX); */
 	return SECFailure;
     }
     /*
      * hardware encryption does not like small decryption sizes here, so we
      * allow both blocking and padding.
      */
     bsize = cc->block_size;
     padsize = cc->pad_size;
     /*
      * When no blocking or padding work to do, we can simply call the
      * cipher function and we are done.
      */
     if (bsize == 0) {
 	return (* cc->doit) (cc->cx, output, output_len_p, max_output_len,
 			      input, input_len);
     }
     pcount = cc->pending_count;
     pbuf = cc->pending_buf;
     output_len = 0;
     if (pcount) {
 	/*
 	 * Try to fill in an entire block, starting with the bytes
 	 * we already have saved away.
 	 */
 	while (input_len && pcount < bsize) {
 	    pbuf[pcount++] = *input++;
 	    input_len--;
 	}
 	/*
 	 * If we have at most a whole block and this is not our last call,
 	 * then we are done for now.  (We do not try to decrypt a lone
 	 * single block because we cannot interpret the padding bytes
 	 * until we know we are handling the very last block of all input.)
 	 */
 	if (input_len == 0 && !final) {
 	    cc->pending_count = pcount;
 	    if (output_len_p)
 		*output_len_p = 0;
 	    return SECSuccess;
 	}
 	/*
 	 * Given the logic above, we expect to have a full block by now.
 	 * If we do not, there is something wrong, either with our own
 	 * logic or with (length of) the data given to us.
 	 */
 	if ((padsize != 0) && (pcount % padsize) != 0) {
 	    PORT_Assert (final);
 	    PORT_SetError (SEC_ERROR_BAD_DATA);
 	    return SECFailure;
 	}
 	/*
 	 * Decrypt the block.
 	 */
 	rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
 			    pbuf, pcount);
 	if (rv != SECSuccess)
 	    return rv;
 	/*
 	 * For now anyway, all of our ciphers have the same number of
 	 * bytes of output as they do input.  If this ever becomes untrue,
 	 * then NSS_CMSCipherContext_DecryptLength needs to be made smarter!
 	 */
 	PORT_Assert(ofraglen == pcount);
 	/*
 	 * Account for the bytes now in output.
 	 */
 	max_output_len -= ofraglen;
 	output_len += ofraglen;
 	output += ofraglen;
     }
     /*
      * If this is our last call, we expect to have an exact number of
      * blocks left to be decrypted; we will decrypt them all.
      *
      * If not our last call, we always save between 1 and bsize bytes
      * until next time.  (We must do this because we cannot be sure
      * that none of the decrypted bytes are padding bytes until we
      * have at least another whole block of data.  You cannot tell by
      * looking -- the data could be anything -- you can only tell by
      * context, knowing you are looking at the last block.)  We could
      * decrypt a whole block now but it is easier if we just treat it
      * the same way we treat partial block bytes.
      */
     if (final) {
 	if (padsize) {
 	    blocks = input_len / padsize;
 	    ifraglen = blocks * padsize;
 	} else ifraglen = input_len;
 	PORT_Assert (ifraglen == input_len);
 	if (ifraglen != input_len) {
 	    PORT_SetError(SEC_ERROR_BAD_DATA);
 	    return SECFailure;
 	}
     } else {
 	blocks = (input_len - 1) / bsize;
 	ifraglen = blocks * bsize;
 	PORT_Assert (ifraglen < input_len);
 	pcount = input_len - ifraglen;
 	PORT_Memcpy (pbuf, input + ifraglen, pcount);
 	cc->pending_count = pcount;
     }
     if (ifraglen) {
 	rv = (* cc->doit)(cc->cx, output, &ofraglen, max_output_len,
 			    input, ifraglen);
 	if (rv != SECSuccess)
 	    return rv;
 	/*
 	 * For now anyway, all of our ciphers have the same number of
 	 * bytes of output as they do input.  If this ever becomes untrue,
 	 * then sec_PKCS7DecryptLength needs to be made smarter!
 	 */
 	PORT_Assert (ifraglen == ofraglen);
 	if (ifraglen != ofraglen) {
 	    PORT_SetError(SEC_ERROR_BAD_DATA);
 	    return SECFailure;
 	}
 	output_len += ofraglen;
     } else {
 	ofraglen = 0;
     }
     /*
      * If we just did our very last block, "remove" the padding by
      * adjusting the output length.
      */
     if (final && (padsize != 0)) {
 	unsigned int padlen = *(output + ofraglen - 1);
 	if (padlen == 0 || padlen > padsize) {
 	    PORT_SetError(SEC_ERROR_BAD_DATA);
 	    return SECFailure;
 	}
 	output_len -= padlen;
     }
     PORT_Assert (output_len_p != NULL || output_len == 0);
     if (output_len_p != NULL)
 	*output_len_p = output_len;
     return SECSuccess;
 }
 /*
  * NSS_CMSCipherContext_Encrypt - do the encryption
  *
  * cc - the cipher context
  * output - buffer for decrypted result bytes
  * output_len_p - number of bytes in output
  * max_output_len - upper bound on bytes to put into output
  * input - pointer to input bytes
  * input_len - number of input bytes
  * final - true if this is the final chunk of data
  *
  * Encrypts a given length of input buffer (starting at "input" and
  * containing "input_len" bytes), placing the encrypted bytes in
  * "output" and storing the output length in "*output_len_p".
  * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
  * When "final" is true, this is the last of the data to be encrypted.
  *
  * This is much more complicated than it sounds when the cipher is
  * a block-type, meaning that the encryption function will only
  * operate on whole blocks.  But our caller is operating stream-wise,
  * and can pass in any number of bytes.  So we need to keep track
  * of block boundaries.  We save excess bytes between calls in "cc".
  * We also need to add padding bytes at the end.  PKCS #7 specifies
  * that the padding used for a block cipher is a string of bytes,
  * each of whose value is the same as the length of the padding,
  * and that all data is padded.  (Even data that starts out with
  * an exact multiple of blocks gets added to it another block,
  * all of which is padding.)
  *
  * XXX I would kind of like to combine this with the function above
  * which does decryption, since they have a lot in common.  But the
  * tricky parts about padding and filling blocks would be much
  * harder to read that way, so I left them separate.  At least for
  * now until it is clear that they are right.
  */
 SECStatus
 NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
 		  unsigned int *output_len_p, unsigned int max_output_len,
 		  const unsigned char *input, unsigned int input_len,
 		  PRBool final)
 {
     int blocks, bsize, padlen, pcount, padsize;
     unsigned int max_needed, ifraglen, ofraglen, output_len;
     unsigned char *pbuf;
     SECStatus rv;
     PORT_Assert (cc->encrypt);
     /*
      * Check that we have enough room for the output.  Our caller should
      * already handle this; failure is really an internal error (i.e. bug).
      */
     max_needed = NSS_CMSCipherContext_EncryptLength (cc, input_len, final);
     PORT_Assert (max_output_len >= max_needed);
     if (max_output_len < max_needed) {
 	/* PORT_SetError (XXX); */
 	return SECFailure;
     }
     bsize = cc->block_size;
     padsize = cc->pad_size;
     /*
      * When no blocking and padding work to do, we can simply call the
      * cipher function and we are done.
      */
     if (bsize == 0) {
 	return (*cc->doit)(cc->cx, output, output_len_p, max_output_len,
 			      input, input_len);
     }
     pcount = cc->pending_count;
     pbuf = cc->pending_buf;
     output_len = 0;
     if (pcount) {
 	/*
 	 * Try to fill in an entire block, starting with the bytes
 	 * we already have saved away.
 	 */
 	while (input_len && pcount < bsize) {
 	    pbuf[pcount++] = *input++;
 	    input_len--;
 	}
 	/*
 	 * If we do not have a full block and we know we will be
 	 * called again, then we are done for now.
 	 */
 	if (pcount < bsize && !final) {
 	    cc->pending_count = pcount;
 	    if (output_len_p != NULL)
 		*output_len_p = 0;
 	    return SECSuccess;
 	}
 	/*
 	 * If we have a whole block available, encrypt it.
 	 */
 	if ((padsize == 0) || (pcount % padsize) == 0) {
 	    rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len,
 				pbuf, pcount);
 	    if (rv != SECSuccess)
 		return rv;
 	    /*
 	     * For now anyway, all of our ciphers have the same number of
 	     * bytes of output as they do input.  If this ever becomes untrue,
 	     * then sec_PKCS7EncryptLength needs to be made smarter!
 	     */
 	    PORT_Assert (ofraglen == pcount);
 	    /*
 	     * Account for the bytes now in output.
 	     */
 	    max_output_len -= ofraglen;
 	    output_len += ofraglen;
 	    output += ofraglen;
 	    pcount = 0;
 	}
     }
     if (input_len) {
 	PORT_Assert (pcount == 0);
 	blocks = input_len / bsize;
 	ifraglen = blocks * bsize;
 	if (ifraglen) {
 	    rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len,
 				input, ifraglen);
 	    if (rv != SECSuccess)
 		return rv;
 	    /*
 	     * For now anyway, all of our ciphers have the same number of
 	     * bytes of output as they do input.  If this ever becomes untrue,
 	     * then sec_PKCS7EncryptLength needs to be made smarter!
 	     */
 	    PORT_Assert (ifraglen == ofraglen);
 	    max_output_len -= ofraglen;
 	    output_len += ofraglen;
 	    output += ofraglen;
 	}
 	pcount = input_len - ifraglen;
 	PORT_Assert (pcount < bsize);
 	if (pcount)
 	    PORT_Memcpy (pbuf, input + ifraglen, pcount);
     }
     if (final) {
 	padlen = padsize - (pcount % padsize);
 	PORT_Memset (pbuf + pcount, padlen, padlen);
 	rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len,
 			    pbuf, pcount+padlen);
 	if (rv != SECSuccess)
 	    return rv;
 	/*
 	 * For now anyway, all of our ciphers have the same number of
 	 * bytes of output as they do input.  If this ever becomes untrue,
 	 * then sec_PKCS7EncryptLength needs to be made smarter!
 	 */
 	PORT_Assert (ofraglen == (pcount+padlen));
 	output_len += ofraglen;
     } else {
 	cc->pending_count = pcount;
     }
     PORT_Assert (output_len_p != NULL || output_len == 0);
     if (output_len_p != NULL)
 	*output_len_p = output_len;
     return SECSuccess;
 }

The Tor Browser / annotate

security/nss/lib/smime/cmscipher.c@b8a032363ba2 (annotated)

security/nss/lib/smime/cmscipher.c