Bug 1528615 - regression fix for opaque S/MIME signatures. r=rrelyea a=jorgk
authorKai Engert <kaie@kuix.de>
Tue, 19 Feb 2019 21:28:11 +0100
changeset 34355 f9037fd1be3d
parent 34354 b334fb81d2a8
child 34356 e243207d0509
push id389
push userclokep@gmail.com
push dateMon, 18 Mar 2019 19:01:53 +0000
reviewersrrelyea, jorgk
bugs1528615
Bug 1528615 - regression fix for opaque S/MIME signatures. r=rrelyea a=jorgk
mailnews/mime/src/nsCMS.cpp
--- a/mailnews/mime/src/nsCMS.cpp
+++ b/mailnews/mime/src/nsCMS.cpp
@@ -221,35 +221,35 @@ nsCMSMessage::CommonVerifySignature(unsi
   }
 
   if (!sigd) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsCMSMessage::CommonVerifySignature - no content info\n"));
     rv = NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
     goto loser;
   }
 
-  if (NSS_CMSSignedData_HasDigests(sigd)) {
-    SECAlgorithmID **existingAlgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
-    if (existingAlgs) {
-      while (*existingAlgs) {
-        SECAlgorithmID *alg = *existingAlgs;
-        SECOidTag algOIDTag = SECOID_FindOIDTag(&alg->algorithm);
-        NSS_CMSSignedData_SetDigestValue(sigd, algOIDTag, NULL);
-        ++existingAlgs;
-      }
-    }
-  }
-
   if (aDigestData && aDigestDataLen)
   {
     SECOidTag oidTag;
     SECItem digest;
     digest.data = aDigestData;
     digest.len = aDigestDataLen;
 
+    if (NSS_CMSSignedData_HasDigests(sigd)) {
+      SECAlgorithmID **existingAlgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
+      if (existingAlgs) {
+        while (*existingAlgs) {
+          SECAlgorithmID *alg = *existingAlgs;
+          SECOidTag algOIDTag = SECOID_FindOIDTag(&alg->algorithm);
+          NSS_CMSSignedData_SetDigestValue(sigd, algOIDTag, NULL);
+          ++existingAlgs;
+        }
+      }
+    }
+
     if (!GetIntHashToOidHash(aDigestType, oidTag)) {
       rv = NS_ERROR_CMS_VERIFY_BAD_DIGEST;
       goto loser;
     }
 
     if (NSS_CMSSignedData_SetDigestValue(sigd, oidTag, &digest)) {
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsCMSMessage::CommonVerifySignature - bad digest\n"));
       rv = NS_ERROR_CMS_VERIFY_BAD_DIGEST;