X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195..b04fe171f0375ecd5d8a24747ca1dff85720a0ca:/libsecurity_smime/lib/cmsutil.c diff --git a/libsecurity_smime/lib/cmsutil.c b/libsecurity_smime/lib/cmsutil.c index 80bd2792..9ed5d173 100644 --- a/libsecurity_smime/lib/cmsutil.c +++ b/libsecurity_smime/lib/cmsutil.c @@ -36,18 +36,28 @@ */ #include /* @@@ Remove this when we move the Encoder method. */ +#include #include "cmslocal.h" -#include "secitem.h" +#include "SecAsn1Item.h" #include "secoid.h" #include "cryptohi.h" #include #include +#include + +#if USE_CDSA_CRYPTO #include #include -#include +#include + +#else +#include +#include + +#endif /* @@ -62,7 +72,7 @@ SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **obj { PRArenaPool *poolp; int num_objs; - CSSM_DATA_PTR *enc_objs; + SecAsn1Item **enc_objs; OSStatus rv = SECFailure; int i; @@ -81,7 +91,11 @@ SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **obj * Allocate arrays to hold the individual encodings which we will use * for comparisons and the reordered attributes as they are sorted. */ - enc_objs = (CSSM_DATA_PTR *)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(CSSM_DATA_PTR)); + // Security check to prevent under-allocation + if (num_objs<0 || num_objs>=(int)((INT_MAX/sizeof(SecAsn1Item *))-1)) { + goto loser; + } + enc_objs = (SecAsn1Item **)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(SecAsn1Item *)); if (enc_objs == NULL) goto loser; @@ -105,14 +119,13 @@ loser: /* * SecCmsUtilDERCompare - for use with SecCmsArraySort to - * sort arrays of CSSM_DATAs containing DER + * sort arrays of SecAsn1Items containing DER */ int SecCmsUtilDERCompare(void *a, void *b) { - CSSM_DATA_PTR der1 = (CSSM_DATA_PTR)a; - CSSM_DATA_PTR der2 = (CSSM_DATA_PTR)b; - int j; + SecAsn1Item * der1 = (SecAsn1Item *)a; + SecAsn1Item * der2 = (SecAsn1Item *)b; /* * Find the lowest (lexigraphically) encoding. One that is @@ -128,12 +141,17 @@ SecCmsUtilDERCompare(void *a, void *b) if (der1->Length != der2->Length) return (der1->Length < der2->Length) ? -1 : 1; +#if 1 + return memcmp(der1->Data, der2->Data, der1->Length); +#else + size_t j; for (j = 0; j < der1->Length; j++) { if (der1->Data[j] == der2->Data[j]) continue; return (der1->Data[j] < der2->Data[j]) ? -1 : 1; } return 0; +#endif } /* @@ -209,12 +227,17 @@ SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID **algorithmArray, return i; } +#if USE_CDSA_CRYPTO CSSM_CC_HANDLE +#else +void * +#endif SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid) { SECOidData *oidData = SECOID_FindOID(&(algid->algorithm)); if (oidData) { +#if USE_CDSA_CRYPTO CSSM_ALGORITHMS alg = oidData->cssmAlgorithm; if (alg) { @@ -224,6 +247,38 @@ SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid) if (!CSSM_CSP_CreateDigestContext(cspHandle, alg, &digobj)) return digobj; } +#else + void *digobj = NULL; + switch (oidData->offset) { + case SEC_OID_SHA1: + digobj = calloc(1, sizeof(CC_SHA1_CTX)); + CC_SHA1_Init(digobj); + break; + case SEC_OID_MD5: + digobj = calloc(1, sizeof(CC_MD5_CTX)); + CC_MD5_Init(digobj); + break; + case SEC_OID_SHA224: + digobj = calloc(1, sizeof(CC_SHA256_CTX)); + CC_SHA224_Init(digobj); + break; + case SEC_OID_SHA256: + digobj = calloc(1, sizeof(CC_SHA256_CTX)); + CC_SHA256_Init(digobj); + break; + case SEC_OID_SHA384: + digobj = calloc(1, sizeof(CC_SHA512_CTX)); + CC_SHA384_Init(digobj); + break; + case SEC_OID_SHA512: + digobj = calloc(1, sizeof(CC_SHA512_CTX)); + CC_SHA512_Init(digobj); + break; + default: + break; + } + return digobj; +#endif } return 0; @@ -264,16 +319,22 @@ SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg) return SEC_OID_UNKNOWN; } case SEC_OID_EC_PUBLIC_KEY: - switch(hashalg) { - /* - * Note this is only used when signing and verifying signed attributes, - * In which case we really do want the combined ECDSA_WithSHA1 alg... - */ - case SEC_OID_SHA1: - return SEC_OID_ECDSA_WithSHA1; - default: - return SEC_OID_UNKNOWN; - } + switch(hashalg) { + /* + * Note this is only used when signing and verifying signed attributes, + * In which case we really do want the combined ECDSA_WithSHA1 alg... + */ + case SEC_OID_SHA1: + return SEC_OID_ECDSA_WithSHA1; + case SEC_OID_SHA256: + return SEC_OID_ECDSA_WITH_SHA256; + case SEC_OID_SHA384: + return SEC_OID_ECDSA_WITH_SHA384; + case SEC_OID_SHA512: + return SEC_OID_ECDSA_WITH_SHA512; + default: + return SEC_OID_UNKNOWN; + } default: break; } @@ -305,7 +366,6 @@ SecCmsUtilGetTemplateByTypeTag(SECOidTag type) break; default: case SEC_OID_PKCS7_DATA: - case SEC_OID_OTHER: template = NULL; break; } @@ -384,29 +444,3 @@ SecCmsUtilVerificationStatusToString(SecCmsVerificationStatus vs) default: return "Unknown"; } } - -OSStatus -SecArenaPoolCreate(size_t chunksize, SecArenaPoolRef *outArena) -{ - OSStatus status; - - if (!outArena) { - status = paramErr; - goto loser; - } - - *outArena = (SecArenaPoolRef)PORT_NewArena(chunksize); - if (*outArena) - status = 0; - else - status = PORT_GetError(); - -loser: - return status; -} - -void -SecArenaPoolFree(SecArenaPoolRef arena, Boolean zero) -{ - PORT_FreeArena((PLArenaPool *)arena, zero); -}