// reqinterp - Requirement language (exprOp) interpreter
//
#include "reqinterp.h"
+#include "codesigning_dtrace.h"
#include <Security/SecTrustSettingsPriv.h>
#include <Security/SecCertificatePriv.h>
#include <security_utilities/memutils.h>
bool Requirement::Interpreter::evaluate()
{
ExprOp op = ExprOp(get<uint32_t>());
+ CODESIGN_EVAL_REQINT_OP(op, this->pc() - sizeof(uint32_t));
switch (op & ~opFlagMask) {
case opFalse:
return false;
// unknown opcode, but it has a size field and can be safely bypassed
skip(get<uint32_t>());
if (op & opGenericFalse) {
- secdebug("csinterp", "opcode 0x%x interpreted as false", op);
+ CODESIGN_EVAL_REQINT_UNKNOWN_FALSE(op);
return false;
} else {
- secdebug("csinterp", "opcode 0x%x ignored; continuing", op);
+ CODESIGN_EVAL_REQINT_UNKNOWN_SKIPPED(op);
return evaluate();
}
}
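Review bot: The branch that skips an unknown opcode when `opGenericFalse` is clear is the one place where the interpreter accepts an opcode it does not understand, and after this change that outcome is reported only through `CODESIGN_EVAL_REQINT_UNKNOWN_SKIPPED(op)`. If no DTrace consumer is attached, a requirement that evaluated past unknown opcodes presumably leaves no record, which makes such blobs harder to spot afterwards. I would keep a log line beside the probe, `secdebug("csinterp", "opcode 0x%x ignored; continuing", op);`. Failing that, extend the comment above `skip(get<uint32_t>())` to say `// skipped opcodes are reported only via the CODESIGN_EVAL_REQINT_UNKNOWN_* probes`. The label for this branch and the rest of the switch are outside the hunk.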
for (const CertField *cf = certFields; cf->name; cf++)
if (cf->name == key) {
CFRef<CFStringRef> value;
- if (IFDEBUG(OSStatus rc =) SecCertificateCopySubjectComponent(cert, cf->oid, &value.aref())) {
+ if (OSStatus rc = SecCertificateCopySubjectComponent(cert, cf->oid, &value.aref())) {
secdebug("csinterp", "cert %p lookup for DN.%s failed rc=%ld", cert, key.c_str(), rc);
return false;
}
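Review bot: Dropping `IFDEBUG` from the condition means `rc` is now declared in every build, so if `secdebug` compiles to nothing in release builds (which the old `IFDEBUG` wrapper suggests) it becomes an unused variable there. The context line also prints it with `%ld`, although `OSStatus` is a 32-bit type on LP64, so the argument should be cast at the call: `secdebug("csinterp", "cert %p lookup for DN.%s failed rc=%ld", cert, key.c_str(), static_cast<long>(rc));`. If the unused-variable warning matters for release builds, adding `(void)rc;` before `return false;` would silence it. The enclosing function starts and ends outside the hunk.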
bool Requirement::Interpreter::appleSigned()
{
if (appleAnchored())
- if (SecCertificateRef intermed = mContext->cert(-2)) // first intermediate
- // first intermediate common name match (exact)
- if (certFieldValue("subject.CN", Match(appleIntermediateCN, matchEqual), intermed)
+ if (SecCertificateRef intermed = mContext->cert(-2)) // first intermediate
+ // first intermediate common name match (exact)
+ if (certFieldValue("subject.CN", Match(appleIntermediateCN, matchEqual), intermed)
&& certFieldValue("subject.O", Match(appleIntermediateO, matchEqual), intermed))
- return true;
+ return true;
return false;
}