X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/e0e0d90ebff497686991a933ae2f7db24e7d8e0f..dd5fb164cf5b32c462296bc65e289e100f74b59a:/OSX/libsecurity_cms/lib/CMSDecoder.cpp?ds=inline

diff --git a/OSX/libsecurity_cms/lib/CMSDecoder.cpp b/OSX/libsecurity_cms/lib/CMSDecoder.cpp
index a420e5eb..83775b23 100644
--- a/OSX/libsecurity_cms/lib/CMSDecoder.cpp
+++ b/OSX/libsecurity_cms/lib/CMSDecoder.cpp
@@ -66,7 +66,7 @@ struct _CMSDecoder {
 	SecArenaPoolRef		arena;				/* the decoder's arena */
 	SecCmsDecoderRef	decoder;
 	CFDataRef			detachedContent;
-	CFTypeRef			keychainOrArray;	/* from CMSDecoderSetSearchKeychain() */
+	CFTypeRef			keychainOrArray;	/* unused */
 	
 	/*
 	 * The following are valid (and quiescent) after CMSDecoderFinalizeMessage().
@@ -127,19 +127,20 @@ static void cmsDecoderFinalize(
 	if(cmsDecoder->decoder != NULL) {
 		/*
 		 * Normally this gets freed in SecCmsDecoderFinish - this is
-		 * an error case.
-		 * FIXME: SecCmsDecoderDestroy() appears to destroy the
-		 * cmsMsg too! Plus there's a comment there re: a leak...
+		 * an error case. Unlike Finish, this calls SecCmsMessageDestroy.
 		 */
 		SecCmsDecoderDestroy(cmsDecoder->decoder);
+		cmsDecoder->cmsMsg = NULL;
 	}
 	CFRELEASE(cmsDecoder->detachedContent);
 	CFRELEASE(cmsDecoder->keychainOrArray);
 	if(cmsDecoder->cmsMsg != NULL) {
 		SecCmsMessageDestroy(cmsDecoder->cmsMsg);
+		cmsDecoder->cmsMsg = NULL;
 	}
 	if(cmsDecoder->arena != NULL) {
 		SecArenaPoolFree(cmsDecoder->arena, false);
+		cmsDecoder->arena = NULL;
 	}
 }
 
@@ -382,24 +383,14 @@ OSStatus CMSDecoderCopyDetachedContent(
 }
 
 /*
- * Optionally specify a SecKeychainRef, or an array of them, containing
- * intermediate certs to be used in verifying a signed message's signer
- * certs. By default, the default keychain search list is used for this.
- * Specify an empty CFArrayRef to search *no* keychains for intermediate
- * certs.
- * IF this is called, it must be called before CMSDecoderCopySignerStatus().
+ * Beginning in 10.12, this function stopped affecting the behavior of the
+ * CMS Decoder. Its only use was in SecTrustSetKeychains which is a no-op.
+ * Please discontinue use.
  */
 OSStatus CMSDecoderSetSearchKeychain(
                                      CMSDecoderRef		cmsDecoder,
                                      CFTypeRef			keychainOrArray)
 {
-	if(cmsDecoder == NULL) {
-		return errSecParam;
-	}
-	cmsDecoder->keychainOrArray = keychainOrArray;
-	if(keychainOrArray) {
-		CFRetain(keychainOrArray);
-	}
 	return errSecSuccess;
 }
 
@@ -473,11 +464,7 @@ OSStatus CMSDecoderCopySignerStatus(
 	SecTrustRef theTrust = NULL;
 	OSStatus vfyRtn = SecCmsSignedDataVerifySignerInfo(cmsDecoder->signedData,
                                                        (int)signerIndex,
-                                                       /*
-                                                        * FIXME this cast should not be necessary, but libsecurity_smime
-                                                        * declares this argument as a SecKeychainRef
-                                                        */
-                                                       (SecKeychainRef)cmsDecoder->keychainOrArray,
+                                                       NULL,
                                                        policyOrArray,
                                                        &theTrust);
 
@@ -537,10 +524,6 @@ OSStatus CMSDecoderCopySignerStatus(
 			case kSecTrustResultDeny:
 				tpVfyStatus = CSSMERR_APPLETP_TRUST_SETTING_DENY;
 				break;
-			case kSecTrustResultConfirm:
-				dprintf("SecTrustEvaluate reported confirm\n");
-				tpVfyStatus = CSSMERR_TP_NOT_TRUSTED;
-				break;
 			default:
 			{
 				/* get low-level TP error */
@@ -999,3 +982,47 @@ OSStatus CMSDecoderCopySignerTimestampCertificates(
     xit:
         return status;
     }
+
+/*
+ * Obtain the Hash Agility attribute value of signer 'signerIndex'
+ * of a CMS message, if present.
+ *
+ * Returns errSecParam if the CMS message was not signed or if signerIndex
+ * is greater than the number of signers of the message minus one.
+ *
+ * This cannot be called until after CMSDecoderFinalizeMessage() is called.
+ */
+OSStatus CMSDecoderCopySignerAppleCodesigningHashAgility(
+    CMSDecoderRef		cmsDecoder,
+    size_t				signerIndex,            /* usually 0 */
+    CFDataRef  CF_RETURNS_RETAINED *hashAgilityAttrValue)			/* RETURNED */
+{
+    OSStatus status = errSecParam;
+    SecCmsMessageRef cmsg;
+    SecCmsSignedDataRef signedData = NULL;
+    int numContentInfos = 0;
+    CFDataRef returnedValue = NULL;
+
+    require(cmsDecoder && hashAgilityAttrValue, xit);
+    require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
+    numContentInfos = SecCmsMessageContentLevelCount(cmsg);
+    for (int dex = 0; !signedData && dex < numContentInfos; dex++)
+    {
+        SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
+        SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
+        if (tag == SEC_OID_PKCS7_SIGNED_DATA)
+            if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
+                if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
+                {
+                    status = SecCmsSignerInfoGetAppleCodesigningHashAgility(signerInfo, &returnedValue);
+                    break;
+                }
+    }
+xit:
+    if (status == errSecSuccess && returnedValue) {
+        *hashAgilityAttrValue = (CFDataRef) CFRetain(returnedValue);
+    } else {
+        *hashAgilityAttrValue = NULL;
+    }
+    return status;
+}