X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_cms/lib/CMSEncoder.cpp?ds=sidebyside diff --git a/OSX/libsecurity_cms/lib/CMSEncoder.cpp b/OSX/libsecurity_cms/lib/CMSEncoder.cpp index c3f43147..de3b2c1e 100644 --- a/OSX/libsecurity_cms/lib/CMSEncoder.cpp +++ b/OSX/libsecurity_cms/lib/CMSEncoder.cpp @@ -98,6 +98,8 @@ struct _CMSEncoder { CMSCertificateChainMode chainMode; CFDataRef hashAgilityAttrValue; + CFDictionaryRef hashAgilityV2AttrValues; + CFAbsoluteTime expirationTime; }; static void cmsEncoderInit(CFTypeRef enc); @@ -279,12 +281,20 @@ static int convertOid( // CFStringRef: OID representation is a dotted-decimal string CFStringRef inStr = (CFStringRef)inRef; CFIndex max = CFStringGetLength(inStr) * 3; - char buf[max]; - if (!CFStringGetCString(inStr, buf, max-1, kCFStringEncodingASCII)) + char *buf = (char *)malloc(max); + if (!buf) { + return errSecMemoryError; + } + if (!CFStringGetCString(inStr, buf, max-1, kCFStringEncodingASCII)) { + free(buf); return errSecParam; + } - if(encodeOid((unsigned char *)buf, &oidData, &oidLen) != 0) + if (encodeOid((unsigned char *)buf, &oidData, &oidLen) != 0) { + free(buf); return errSecParam; + } + free(buf); } else if (CFGetTypeID(inRef) == CFDataGetTypeID()) { // CFDataRef: OID representation is in binary DER format @@ -532,6 +542,24 @@ static OSStatus cmsSetupForSignedData( break; } } + if(cmsEncoder->signedAttributes & kCMSAttrAppleCodesigningHashAgilityV2) { + ortn = SecCmsSignerInfoAddAppleCodesigningHashAgilityV2(signerInfo, cmsEncoder->hashAgilityV2AttrValues); + /* libsecurity_smime made a copy of the attribute value. We don't need it anymore. */ + CFReleaseNull(cmsEncoder->hashAgilityV2AttrValues); + if(ortn) { + ortn = cmsRtnToOSStatus(ortn); + CSSM_PERROR("SecCmsSignerInfoAddAppleCodesigningHashAgilityV2", ortn); + break; + } + } + if (cmsEncoder->signedAttributes & kCMSAttrAppleExpirationTime) { + ortn = SecCmsSignerInfoAddAppleExpirationTime(signerInfo, cmsEncoder->expirationTime); + if(ortn) { + ortn = cmsRtnToOSStatus(ortn); + CSSM_PERROR("SecCmsSignerInfoAddAppleExpirationTime", ortn); + break; + } + } ortn = SecCmsSignedDataAddSignerInfo(signedData, signerInfo); if(ortn) { @@ -1024,6 +1052,40 @@ OSStatus CMSEncoderSetAppleCodesigningHashAgility( return errSecSuccess; } +/* + * Set the hash agility attribute for a CMSEncoder. + * This is only used if the kCMSAttrAppleCodesigningHashAgilityV2 attribute + * is included. + */ +OSStatus CMSEncoderSetAppleCodesigningHashAgilityV2( + CMSEncoderRef cmsEncoder, + CFDictionaryRef hashAgilityV2AttrValues) +{ + if (cmsEncoder == NULL || cmsEncoder->encState != ES_Init) { + return errSecParam; + } + cmsEncoder->hashAgilityV2AttrValues = CFRetainSafe(hashAgilityV2AttrValues); + return errSecSuccess; +} + +/* + * Set the expiration time for a CMSEncoder. + * This is only used if the kCMSAttrAppleExpirationTime attribute is included. + */ +OSStatus CMSEncoderSetAppleExpirationTime( + CMSEncoderRef cmsEncoder, + CFAbsoluteTime time) +{ + if(cmsEncoder == NULL) { + return errSecParam; + } + if(cmsEncoder->encState != ES_Init) { + return errSecParam; + } + cmsEncoder->expirationTime = time; + return errSecSuccess; +} + OSStatus CMSEncoderSetCertificateChainMode( CMSEncoderRef cmsEncoder, CMSCertificateChainMode chainMode)