#include <security_utilities/dispatch.h>
#include <security_utilities/hashing.h>
#include <security_utilities/unix++.h>
+#if TARGET_OS_OSX
#include <security_cdsa_utilities/cssmdata.h>
+#endif
#include <copyfile.h>
#include <asl.h>
#include <cstdarg>
void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest);
bool verifyHash(SecCertificateRef cert, const Hashing::Byte *digest);
+
+inline size_t scanFileData(UnixPlusPlus::FileDesc fd, size_t limit, void (^handle)(const void *buffer, size_t size))
+{
+ UnixPlusPlus::FileDesc::UnixStat st;
+ size_t total = 0;
+ unsigned char *buffer = NULL;
+
+ try {
+ fd.fstat(st);
+ size_t bufSize = MAX(64 * 1024, st.st_blksize);
+ buffer = (unsigned char *)valloc(bufSize);
+ if (!buffer)
+ return 0;
+
+ for (;;) {
+ size_t size = bufSize;
+ if (limit && limit < size)
+ size = limit;
+ size_t got = fd.read(buffer, size);
+ total += got;
+ if (fd.atEnd())
+ break;
+ handle(buffer, got);
+ if (limit && (limit -= got) == 0)
+ break;
+ }
+ }
+ catch(...) {
+ /* don't leak this on error */
+ if (buffer)
+ free(buffer);
+ throw;
+ }
+
+ free(buffer);
+ return total;
+}
+
//
// Calculate hashes of (a section of) a file.
template <class _Hash>
size_t hashFileData(UnixPlusPlus::FileDesc fd, _Hash *hasher, size_t limit = 0)
{
- unsigned char buffer[4096];
- size_t total = 0;
- for (;;) {
- size_t size = sizeof(buffer);
- if (limit && limit < size)
- size = limit;
- size_t got = fd.read(buffer, size);
- total += got;
- if (fd.atEnd())
- break;
- hasher->update(buffer, got);
- if (limit && (limit -= got) == 0)
- break;
- }
- return total;
+ return scanFileData(fd, limit, ^(const void *buffer, size_t size) {
+ hasher->update(buffer, size);
+ });
}
template <class _Hash>
UnixPlusPlus::AutoFileDesc fd(path);
return hashFileData(fd, hasher);
}
-
+
//
// Check to see if a certificate contains a particular field, by OID. This works for extensions,
// even ones not recognized by the local CL. It does not return any value, only presence.
//
+
+#if TARGET_OS_OSX
bool certificateHasField(SecCertificateRef cert, const CSSM_OID &oid);
bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid);
-
+#endif
//
// Encapsulation of the copyfile(3) API.
public:
MessageTrace(const char *domain, const char *signature);
~MessageTrace() { ::asl_free(mAsl); }
- void add(const char *key, const char *format, ...);
- void send(const char *format, ...);
+ void add(const char *key, const char *format, ...) __attribute__((format(printf,3,4)));
+ void send(const char *format, ...) __attribute__((format(printf,2,3)));
private:
aslmsg mAsl;
class UidGuard {
public:
UidGuard() : mPrevious(-1) { }
- UidGuard(uid_t uid) : mPrevious(-1) { seteuid(uid); }
+ UidGuard(uid_t uid) : mPrevious(-1) { (void)seteuid(uid); }
~UidGuard()
{
if (active())
projects / apple / security.git / blobdiff