/* did we have digest calculation going on? */
if (cinfo->digcx) {
rv = SecCmsDigestContextFinishMultiple(cinfo->digcx, (SecArenaPoolRef)poolp, &(sigd->digests));
+ cinfo->digcx = NULL;
if (rv != SECSuccess)
goto loser; /* error has been set by SecCmsDigestContextFinishMultiple */
- cinfo->digcx = NULL;
}
signerinfos = sigd->signerInfos;
{
/* did we have digest calculation going on? */
if (sigd->contentInfo.digcx) {
- if (SecCmsDigestContextFinishMultiple(sigd->contentInfo.digcx, (SecArenaPoolRef)sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess)
+ if (SecCmsDigestContextFinishMultiple(sigd->contentInfo.digcx, (SecArenaPoolRef)sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess) {
+ sigd->contentInfo.digcx = NULL;
return SECFailure; /* error has been set by SecCmsDigestContextFinishMultiple */
+ }
sigd->contentInfo.digcx = NULL;
}
return SECSuccess;
SecCmsSignerInfoRef *signerinfos;
int i;
+ if (!sigd) {
+ return SECFailure;
+ }
+
signerinfos = sigd->signerInfos;
/* set cmsg and sigd backpointers for all the signerinfos */
contentType = SecCmsContentInfoGetContentTypeOID(cinfo);
/* verify signature */
-#if SECTRUST_OSX
-#warning STU: <rdar://21328501>
- // timestamp policy is currently unsupported; use codesign policy only
- #if !NDEBUG
- syslog(LOG_ERR, "SecCmsSignedDataVerifySignerInfo: using codesign policy without timestamp verification");
- #endif
- CFTypeRef timeStampPolicies=SecPolicyCreateWithProperties(kSecPolicyAppleCodeSigning, NULL);
-#else
CFTypeRef timeStampPolicies=SecPolicyCreateAppleTimeStampingAndRevocationPolicies(policies);
-#endif
status = SecCmsSignerInfoVerifyWithPolicy(signerinfo, timeStampPolicies, digest, contentType);
CFReleaseSafe(timeStampPolicies);
status2 = SecCmsSignerInfoVerifyCertificate(signerinfo, keychainOrArray,
policies, trustRef);
dprintf("SecCmsSignedDataVerifySignerInfo: status %d status2 %d\n", (int) status, (int)status2);
- if(status || status2) {
- syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: status %d status2 %d.", (int) status, (int)status2);
- syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: verify status %d", signerinfo->verificationStatus);
- }
/* The error from SecCmsSignerInfoVerify() supercedes error from SecCmsSignerInfoVerifyCertificate(). */
if (status)
return status;
{
int idx;
- if(sigd->digests == NULL) {
- return NULL;
- }
+ if(sigd == NULL || sigd->digests == NULL) {
+ return NULL;
+ }
idx = SecCmsAlgArrayGetIndexByAlgTag(sigd->digestAlgorithms, algtag);
- return sigd->digests[idx];
+ return (idx >= 0) ? sigd->digests[idx] : NULL;
}
/*
{
int cnt, i, idx;
- if (sigd->digestAlgorithms == NULL) {
+ /* Check input structure and items in structure */
+ if (sigd == NULL || sigd->digestAlgorithms == NULL || sigd->cmsg == NULL || sigd->cmsg->poolp == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
projects / apple / security.git / blobdiff