X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_cms/lib/CMSEncoder.cpp?ds=inline diff --git a/OSX/libsecurity_cms/lib/CMSEncoder.cpp b/OSX/libsecurity_cms/lib/CMSEncoder.cpp index c60110c7..c3f43147 100644 --- a/OSX/libsecurity_cms/lib/CMSEncoder.cpp +++ b/OSX/libsecurity_cms/lib/CMSEncoder.cpp @@ -47,6 +47,7 @@ #include #include #include +#include #include #include @@ -96,6 +97,7 @@ struct _CMSEncoder { SECOidTag digestalgtag; CMSCertificateChainMode chainMode; + CFDataRef hashAgilityAttrValue; }; static void cmsEncoderInit(CFTypeRef enc); @@ -243,12 +245,12 @@ static int encodeOid( for(digit=0; digitotherCerts); if(cmsEncoder->cmsMsg != NULL) { SecCmsMessageDestroy(cmsEncoder->cmsMsg); + cmsEncoder->cmsMsg = NULL; } if(cmsEncoder->arena != NULL) { SecArenaPoolFree(cmsEncoder->arena, false); @@ -442,7 +445,6 @@ static OSStatus cmsSetupForSignedData( numSigners = CFArrayGetCount(cmsEncoder->signers); } CFIndex dex; - SecKeychainRef ourKc = NULL; SecCertificateRef ourCert = NULL; SecCmsCertChainMode chainMode = SecCmsCMCertChain; @@ -469,11 +471,6 @@ static OSStatus cmsSetupForSignedData( CSSM_PERROR("SecIdentityCopyCertificate", ortn); break; } - ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)ourCert, &ourKc); - if(ortn) { - CSSM_PERROR("SecKeychainItemCopyKeychain", ortn); - break; - } signerInfo = SecCmsSignerInfoCreate(cmsEncoder->cmsMsg, ourId, cmsEncoder->digestalgtag); if (signerInfo == NULL) { ortn = errSecInternalComponent; @@ -500,7 +497,7 @@ static OSStatus cmsSetupForSignedData( } } if(cmsEncoder->signedAttributes & kCMSAttrSmimeEncryptionKeyPrefs) { - ortn = SecCmsSignerInfoAddSMIMEEncKeyPrefs(signerInfo, ourCert, ourKc); + ortn = SecCmsSignerInfoAddSMIMEEncKeyPrefs(signerInfo, ourCert, NULL); if(ortn) { ortn = cmsRtnToOSStatus(ortn); CSSM_PERROR("SecCmsSignerInfoAddSMIMEEncKeyPrefs", ortn); @@ -508,7 +505,7 @@ static OSStatus cmsSetupForSignedData( } } if(cmsEncoder->signedAttributes & kCMSAttrSmimeMSEncryptionKeyPrefs) { - ortn = SecCmsSignerInfoAddMSSMIMEEncKeyPrefs(signerInfo, ourCert, ourKc); + ortn = SecCmsSignerInfoAddMSSMIMEEncKeyPrefs(signerInfo, ourCert, NULL); if(ortn) { ortn = cmsRtnToOSStatus(ortn); CSSM_PERROR("SecCmsSignerInfoAddMSSMIMEEncKeyPrefs", ortn); @@ -525,6 +522,16 @@ static OSStatus cmsSetupForSignedData( break; } } + if(cmsEncoder->signedAttributes & kCMSAttrAppleCodesigningHashAgility) { + ortn = SecCmsSignerInfoAddAppleCodesigningHashAgility(signerInfo, cmsEncoder->hashAgilityAttrValue); + /* libsecurity_smime made a copy of the attribute value. We don't need it anymore. */ + CFReleaseNull(cmsEncoder->hashAgilityAttrValue); + if(ortn) { + ortn = cmsRtnToOSStatus(ortn); + CSSM_PERROR("SecCmsSignerInfoAddAppleCodesigningHashAgility", ortn); + break; + } + } ortn = SecCmsSignedDataAddSignerInfo(signedData, signerInfo); if(ortn) { @@ -533,13 +540,10 @@ static OSStatus cmsSetupForSignedData( break; } - CFRELEASE(ourKc); CFRELEASE(ourCert); - ourKc = NULL; ourCert = NULL; } if(ortn) { - CFRELEASE(ourKc); CFRELEASE(ourCert); } return ortn; @@ -982,7 +986,7 @@ OSStatus CMSEncoderAddSignedAttributes( if(cmsEncoder->encState != ES_Init) { return errSecParam; } - cmsEncoder->signedAttributes = signedAttributes; + cmsEncoder->signedAttributes |= signedAttributes; return errSecSuccess; } @@ -1004,6 +1008,21 @@ OSStatus CMSEncoderSetSigningTime( return errSecSuccess; } +/* + * Set the hash agility attribute for a CMSEncoder. + * This is only used if the kCMSAttrAppleCodesigningHashAgility attribute + * is included. + */ +OSStatus CMSEncoderSetAppleCodesigningHashAgility( + CMSEncoderRef cmsEncoder, + CFDataRef hashAgilityAttrValue) +{ + if (cmsEncoder == NULL || cmsEncoder->encState != ES_Init) { + return errSecParam; + } + cmsEncoder->hashAgilityAttrValue = CFRetainSafe(hashAgilityAttrValue); + return errSecSuccess; +} OSStatus CMSEncoderSetCertificateChainMode( CMSEncoderRef cmsEncoder,