X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
diff --git a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
index 8dfb57f8..187ee9c8 100644
--- a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
+++ b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp
@@ -34,7 +34,7 @@
 #include
 static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate, FVPrivateKeyHeader &outHeader);
-static CFDataRef decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
+static CFDataRef CF_RETURNS_RETAINED decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
 static void throwIfError(CSSM_RETURN rv);
 #pragma mark ----- Public SPI -----
@@ -65,7 +65,7 @@ CFDataRef SecFDERecoveryUnwrapCRSKWithPrivKey(SecKeychainRef keychain, const FVP
 catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
 catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
 catch (...) { __secapiresult=errSecInternalComponent; }
- secdebug("FDERecovery", "SecFDERecoveryUnwrapCRSKWithPrivKey: %d", (int)__secapiresult);
+ secinfo("FDERecovery", "SecFDERecoveryUnwrapCRSKWithPrivKey: %d", (int)__secapiresult);
 return result;
 }
@@ -100,9 +100,13 @@ static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate
 passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
 CssmData *cssmData = reinterpret_cast(outData);
- assert(cssmData->Length <= sizeof(outHeader.publicKeyHash));
 outHeader.publicKeyHashSize = (uint32_t)cssmData->Length;
- memcpy(outHeader.publicKeyHash, cssmData->Data, cssmData->Length);
+ if (outHeader.publicKeyHashSize > sizeof(outHeader.publicKeyHash)) {
+ secinfo("FDERecovery", "encodePrivateKeyHeader: publicKeyHash too big: %d", outHeader.publicKeyHashSize);
+ outHeader.publicKeyHashSize = 0; /* failed to copy hash value */
+ } else {
+ memcpy(outHeader.publicKeyHash, cssmData->Data, outHeader.publicKeyHashSize);
+ }
 fCSP.allocator().free(cssmData->Data);
 fCSP.allocator().free(cssmData);
@@ -115,7 +119,7 @@ static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate
 outHeader.encryptedBlobSize = (uint32_t)encrypt.encrypt(inBlob, clearBuf, remData.get());
 if (outHeader.encryptedBlobSize > sizeof(outHeader.encryptedBlob))
- secdebug("FDERecovery", "encodePrivateKeyHeader: encrypted blob too big: %d", outHeader.encryptedBlobSize);
+ secinfo("FDERecovery", "encodePrivateKeyHeader: encrypted blob too big: %d", outHeader.encryptedBlobSize);
 }
 CFDataRef decodePrivateKeyHeader(SecKeychainRef keychain, const FVPrivateKeyHeader &inHeader)
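Review bot: In the `@@ -100,9 +100,13 @@` hunk an oversized key digest is logged and `publicKeyHashSize` is set to 0, but `encodePrivateKeyHeader` returns void and carries on, so the caller gets a header with no public-key hash and no error. If that hash is what later locates the private key (presumably, given the keychain search in `decodePrivateKeyHeader`), the result is a recovery blob that can never be unwrapped; failing closed is safer, for example `if (outHeader.publicKeyHashSize == 0) throwIfError(CSSMERR_CSP_INTERNAL_ERROR);` placed after the two `fCSP.allocator().free(...)` calls so nothing leaks, assuming `throwIfError` throws on any non-zero `CSSM_RETURN`. The `encryptedBlobSize > sizeof(outHeader.encryptedBlob)` check in the `@@ -115,7 +119,7 @@` hunk has the same log-and-continue shape. Both `secinfo` calls format a `uint32_t` with `%d`; `%u` matches the type. The function body starts and ends outside these hunks.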
@@ -136,12 +140,13 @@ CFDataRef decodePrivateKeyHeader(SecKeychainRef keychain, const FVPrivateKeyHead
 CSSM_CC_HANDLE cc = 0;
 SecKeychainSearchRef _searchRef;
- throwIfError(SecKeychainSearchCreateFromAttributes(keychain, CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef));
+ throwIfError(SecKeychainSearchCreateFromAttributes(keychain, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef));
 CFRef searchRef(_searchRef);
 SecKeychainItemRef _item;
- if (SecKeychainSearchCopyNext(searchRef, &_item))
- return false;
+ if (SecKeychainSearchCopyNext(searchRef, &_item) != 0) {
+ return NULL; // XXX possibly should throw here?
+ }
 CFRef keyItem(reinterpret_cast(_item));
 throwIfError(SecKeyGetCSPHandle(keyItem, &cspHandle));
@@ -161,7 +166,7 @@ CFDataRef decodePrivateKeyHeader(SecKeychainRef keychain, const FVPrivateKeyHead
 CssmAutoData remData(allocator);
 size_t bytesDecrypted;
 CSSM_RETURN crx = CSSM_DecryptData(cc, &cipherBuf, 1, &clearBuf.get(), 1, &bytesDecrypted, &remData.get());
- secdebug("FDERecovery", "decodePrivateKeyHeader: CSSM_DecryptData result: %d", crx);
+ secinfo("FDERecovery", "decodePrivateKeyHeader: CSSM_DecryptData result: %d", crx);
 throwIfError(crx); // throwIfError(CSSM_DecryptData(cc, &cipherBuf, 1, &clearBuf.get(), 1, &bytesDecrypted, &remData.get()));
 clearBuf.length(bytesDecrypted);
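Review bot: The new `return NULL` after `SecKeychainSearchCopyNext` in the `@@ -136,12 +140,13 @@` hunk discards the OSStatus, so a missing key, a locked keychain and any other search failure all look the same to the caller. Judging by the `__secapiresult` handlers visible in the first hunk, the public SPI would then log a success status while returning a NULL result. Keeping the status and throwing would settle the XXX comment: `OSStatus status = SecKeychainSearchCopyNext(searchRef, &_item);` followed by `if (status != errSecSuccess) MacOSError::throwMe(status);`, which the `catch (const CommonError &err)` handler should map back to an OSStatus, provided `MacOSError` is available in this file. The function body starts and ends outside the hunk.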