From 9b6b7ac94658d65204fab0146907ac8c6af287bb Mon Sep 17 00:00:00 2001
From: Paul Gardiner <paul.gardiner@artifex.com>
Date: Wed, 24 Jan 2018 15:59:03 +0000
Subject: Signature support: break out function for obtaining hash bytes

---
 source/pdf/pdf-form.c      | 30 ++++++++++++++++++++++++++++++
 source/pdf/pdf-signature.c | 15 ++-------------
 2 files changed, 32 insertions(+), 13 deletions(-)

(limited to 'source/pdf')

diff --git a/source/pdf/pdf-form.c b/source/pdf/pdf-form.c
index 36d07ee1..88737ce4 100644
--- a/source/pdf/pdf-form.c
+++ b/source/pdf/pdf-form.c
@@ -1295,6 +1295,36 @@ int pdf_signature_widget_byte_range(fz_context *ctx, pdf_document *doc, pdf_widg
 	return n;
 }
 
+fz_stream *pdf_signature_widget_hash_bytes(fz_context *ctx, pdf_document *doc, pdf_widget *widget)
+{
+	fz_range *byte_range = NULL;
+	int byte_range_len;
+	fz_stream *bytes = NULL;
+
+	fz_var(byte_range);
+	fz_try(ctx)
+	{
+		byte_range_len = pdf_signature_widget_byte_range(ctx, doc, widget, NULL);
+		if (byte_range_len)
+		{
+			byte_range = fz_calloc(ctx, byte_range_len, sizeof(*byte_range));
+			pdf_signature_widget_byte_range(ctx, doc, widget, byte_range);
+		}
+
+		bytes = fz_open_null_n(ctx, fz_keep_stream(ctx, doc->file), byte_range, byte_range_len);
+	}
+	fz_always(ctx)
+	{
+		fz_free(ctx, byte_range);
+	}
+	fz_catch(ctx)
+	{
+		fz_rethrow(ctx);
+	}
+
+	return bytes;
+}
+
 int pdf_signature_widget_contents(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char **contents)
 {
 	pdf_annot *annot = (pdf_annot *)widget;
diff --git a/source/pdf/pdf-signature.c b/source/pdf/pdf-signature.c
index 511023c1..3d96a261 100644
--- a/source/pdf/pdf-signature.c
+++ b/source/pdf/pdf-signature.c
@@ -79,8 +79,6 @@ void pdf_write_digest(fz_context *ctx, fz_output *out, pdf_obj *byte_range, int
 
 int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget, char *ebuf, int ebufsize)
 {
-	fz_range *byte_range = NULL;
-	int byte_range_len;
 	fz_stream *bytes = NULL;
 	char *contents = NULL;
 	int contents_len;
@@ -94,24 +92,16 @@ int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 		return 0;
 	}
 
-	fz_var(byte_range);
 	fz_var(bytes);
 	fz_var(res);
 	fz_try(ctx)
 	{
-		byte_range_len = pdf_signature_widget_byte_range(ctx, doc, widget, NULL);
-		if (byte_range_len)
-		{
-			byte_range = fz_calloc(ctx, byte_range_len, sizeof(*byte_range));
-			pdf_signature_widget_byte_range(ctx, doc, widget, byte_range);
-		}
-
 		contents_len = pdf_signature_widget_contents(ctx, doc, widget, &contents);
-		if (byte_range && contents)
+		if (contents)
 		{
 			SignatureError err;
 
-			bytes = fz_open_null_n(ctx, fz_keep_stream(ctx, doc->file), byte_range, byte_range_len);
+			bytes = pdf_signature_widget_hash_bytes(ctx, doc, widget);
 			err = pdf_pkcs7_check_digest(ctx, bytes, contents, contents_len);
 			if (err == SignatureError_Okay)
 				err = pdf_pkcs7_check_certificate(contents, contents_len);
@@ -176,7 +166,6 @@ int pdf_check_signature(fz_context *ctx, pdf_document *doc, pdf_widget *widget,
 	fz_always(ctx)
 	{
 		fz_drop_stream(ctx, bytes);
-		fz_free(ctx, byte_range);
 	}
 	fz_catch(ctx)
 	{
-- 
cgit v1.2.3