X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/ce3c8656732c924baf7e88df75eab50891bdc471..fa7225c82381bac4432a6edf16f53b5370238d85:/OSX/sec/Security/Regressions/secitem/si-21-sectrust-asr.c

diff --git a/OSX/sec/Security/Regressions/secitem/si-21-sectrust-asr.c b/OSX/sec/Security/Regressions/secitem/si-21-sectrust-asr.c
index b8e1c56e..0e7e5350 100644
--- a/OSX/sec/Security/Regressions/secitem/si-21-sectrust-asr.c
+++ b/OSX/sec/Security/Regressions/secitem/si-21-sectrust-asr.c
@@ -12,14 +12,17 @@
 #include <Security/SecPolicyPriv.h>
 #include <Security/SecTrust.h>
 #include <Security/SecKey.h>
-#include <Security/SecInternal.h>
+#include <Security/SecKeyPriv.h>
 #include <CommonCrypto/CommonDigest.h>
 #include <CommonCrypto/CommonDigestSPI.h>
 
 #include <stdlib.h>
 #include <unistd.h>
 
-#include "Security_regressions.h"
+#include "shared_regressions.h"
+
+#define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) CFRelease(_cf); }
+#define CFReleaseNull(CF) { CFTypeRef _cf = (CF); if (_cf) CFRelease(_cf); (CF) = NULL; }
 
 static const UInt8 sITunesStoreRootCertificate[] =
 {
@@ -133,7 +136,9 @@ static void tests(void)
     CFDataRef signature = CFDictionaryGetValue(urlBagDict, CFSTR("signature"));
 	CFDataRef bag = CFDictionaryGetValue(urlBagDict, CFSTR("bag"));
     unsigned char sha1_hash[CC_SHA1_DIGEST_LENGTH];
+    CFDataRef sha1Data = NULL;
     CCDigest(kCCDigestSHA1, CFDataGetBytePtr(bag), CFDataGetLength(bag), sha1_hash);
+    sha1Data = CFDataCreate(NULL, sha1_hash, sizeof(sha1_hash));
 
     isnt(policy = SecPolicyCreateBasicX509(), NULL, "create policy instance");
 
@@ -148,9 +153,14 @@ static void tests(void)
     }
 	SecKeyRef pub_key_leaf;
 	isnt(pub_key_leaf = SecTrustCopyPublicKey(trust), NULL, "get leaf pub key");
-	ok_status(SecKeyRawVerify(pub_key_leaf, kSecPaddingPKCS1SHA1, sha1_hash, sizeof(sha1_hash), CFDataGetBytePtr(signature), CFDataGetLength(signature)),
-		"verify signature on bag");
-
+    if (!pub_key_leaf) { goto errOut; }
+    CFErrorRef error = NULL;
+    ok(SecKeyVerifySignature(pub_key_leaf, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, sha1Data, signature, &error),
+              "verify signature on bag");
+    CFReleaseNull(error);
+
+errOut:
+    CFReleaseSafe(sha1Data);
     CFReleaseSafe(pub_key_leaf);
 	CFReleaseSafe(urlBagDict);
     CFReleaseSafe(certs);