Security-59306.61.1.tar.gz

[apple/security.git] / OSX / libsecurity_cms / lib / CMSEncoder.cpp
diff --git a/OSX/libsecurity_cms/lib/CMSEncoder.cpp b/OSX/libsecurity_cms/lib/CMSEncoder.cpp

index f8cb11bece9b449e63fa23d3fc98db090e2c7d54..27d6810dacc5626d29b60c7363f84c8b2ba46665 100644 (file)
--- a/OSX/libsecurity_cms/lib/CMSEncoder.cpp
+++ b/OSX/libsecurity_cms/lib/CMSEncoder.cpp
@@ -25,8 +25,8 @@
   * CMSEncoder.cpp - encode, sign, and/or encrypt CMS messages. 
   */
   
   * CMSEncoder.cpp - encode, sign, and/or encrypt CMS messages. 
   */
   
-#include "CMSEncoder.h"
-#include "CMSPrivate.h"
+#include <Security/CMSEncoder.h>
+#include <Security/CMSPrivate.h>
  #include "CMSUtils.h"
  #include <Security/SecBase.h>
  #include <Security/SecCmsEncoder.h>
  #include "CMSUtils.h"
  #include <Security/SecBase.h>
  #include <Security/SecCmsEncoder.h>
@@ -99,6 +99,7 @@ struct _CMSEncoder {
         CMSCertificateChainMode chainMode;
      CFDataRef           hashAgilityAttrValue;
      CFDictionaryRef     hashAgilityV2AttrValues;
         CMSCertificateChainMode chainMode;
      CFDataRef           hashAgilityAttrValue;
      CFDictionaryRef     hashAgilityV2AttrValues;
+    CFAbsoluteTime      expirationTime;
  };
  
  static void cmsEncoderInit(CFTypeRef enc);
  };
  
  static void cmsEncoderInit(CFTypeRef enc);
@@ -280,12 +281,20 @@ static int convertOid(
                 // CFStringRef: OID representation is a dotted-decimal string
                 CFStringRef inStr = (CFStringRef)inRef;
                 CFIndex max = CFStringGetLength(inStr) * 3;
                 // CFStringRef: OID representation is a dotted-decimal string
                 CFStringRef inStr = (CFStringRef)inRef;
                 CFIndex max = CFStringGetLength(inStr) * 3;
-               char buf[max];
-               if (!CFStringGetCString(inStr, buf, max-1, kCFStringEncodingASCII))
+               char *buf = (char *)malloc(max);
+               if (!buf) {
+                       return errSecMemoryError;
+               }
+               if (!CFStringGetCString(inStr, buf, max-1, kCFStringEncodingASCII)) {
+                       free(buf);
                         return errSecParam;
                         return errSecParam;
+               }
  
  
-               if(encodeOid((unsigned char *)buf, &oidData, &oidLen) != 0)
+               if (encodeOid((unsigned char *)buf, &oidData, &oidLen) != 0) {
+                       free(buf);
                         return errSecParam;
                         return errSecParam;
+               }
+               free(buf);
         }
         else if (CFGetTypeID(inRef) == CFDataGetTypeID()) {
                 // CFDataRef: OID representation is in binary DER format
         }
         else if (CFGetTypeID(inRef) == CFDataGetTypeID()) {
                 // CFDataRef: OID representation is in binary DER format
@@ -459,6 +468,9 @@ static OSStatus cmsSetupForSignedData(
                 case kCMSCertificateChainWithRoot:
                         chainMode = SecCmsCMCertChainWithRoot;
                         break;
                 case kCMSCertificateChainWithRoot:
                         chainMode = SecCmsCMCertChainWithRoot;
                         break;
+               case kCMSCertificateChainWithRootOrFail:
+                       chainMode = SecCmsCMCertChainWithRootOrFail;
+                       break;
                 default:
                         break;
         }
                 default:
                         break;
         }
@@ -543,6 +555,14 @@ static OSStatus cmsSetupForSignedData(
                  break;
              }
          }
                  break;
              }
          }
+        if (cmsEncoder->signedAttributes & kCMSAttrAppleExpirationTime) {
+            ortn = SecCmsSignerInfoAddAppleExpirationTime(signerInfo, cmsEncoder->expirationTime);
+            if(ortn) {
+                ortn = cmsRtnToOSStatus(ortn);
+                CSSM_PERROR("SecCmsSignerInfoAddAppleExpirationTime", ortn);
+                break;
+            }
+        }
                 
                 ortn = SecCmsSignedDataAddSignerInfo(signedData, signerInfo);
                 if(ortn) {
                 
                 ortn = SecCmsSignedDataAddSignerInfo(signedData, signerInfo);
                 if(ortn) {
@@ -1051,6 +1071,24 @@ OSStatus CMSEncoderSetAppleCodesigningHashAgilityV2(
      return errSecSuccess;
  }
  
      return errSecSuccess;
  }
  
+/*
+ * Set the expiration time for a CMSEncoder.
+ * This is only used if the kCMSAttrAppleExpirationTime attribute is included.
+ */
+OSStatus CMSEncoderSetAppleExpirationTime(
+    CMSEncoderRef        cmsEncoder,
+    CFAbsoluteTime        time)
+{
+    if(cmsEncoder == NULL) {
+        return errSecParam;
+    }
+    if(cmsEncoder->encState != ES_Init) {
+        return errSecParam;
+    }
+    cmsEncoder->expirationTime = time;
+    return errSecSuccess;
+}
+
  OSStatus CMSEncoderSetCertificateChainMode(
         CMSEncoderRef                   cmsEncoder,
         CMSCertificateChainMode chainMode)
  OSStatus CMSEncoderSetCertificateChainMode(
         CMSEncoderRef                   cmsEncoder,
         CMSCertificateChainMode chainMode)
@@ -1066,6 +1104,7 @@ OSStatus CMSEncoderSetCertificateChainMode(
                 case kCMSCertificateSignerOnly:
                 case kCMSCertificateChain:
                 case kCMSCertificateChainWithRoot:
                 case kCMSCertificateSignerOnly:
                 case kCMSCertificateChain:
                 case kCMSCertificateChainWithRoot:
+               case kCMSCertificateChainWithRootOrFail:
                         break;
                 default:
                         return errSecParam;
                         break;
                 default:
                         return errSecParam;