<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55471.14</string>
+ <string>55471.14.4</string>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2013 Apple, Inc. All rights reserved.</string>
</dict>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55471.14</string>
+ <string>55471.14.4</string>
<key>LSApplicationCategoryType</key>
<string></string>
<key>LSMinimumSystemVersion</key>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55471.14</string>
+ <string>55471.14.4</string>
<key>LSMinimumSystemVersion</key>
<string>${MACOSX_DEPLOYMENT_TARGET}</string>
<key>NSMainNibFile</key>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55471.14</string>
+ <string>55471.14.4</string>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2012 Apple. All rights reserved.</string>
<key>XPCService</key>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55471.14</string>
+ <string>55471.14.4</string>
</dict>
</plist>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55471.14</string>
+ <string>55471.14.4</string>
<key>CFBundleShortVersionString</key>
<string>3.0</string>
</dict>
_kSecCodeSignerSDKRoot
_kSecCodeSignerSigningTime
_kSecCodeSignerRequireTimestamp
+_kSecCodeSignerTeamIdentifier
_kSecCodeSignerTimestampServer
_kSecCodeSignerTimestampAuthentication
_kSecCodeSignerTimestampOmitCertificates
_kSecCodeInfoRequirementData
_kSecCodeInfoSource
_kSecCodeInfoStatus
+_kSecCodeInfoTeamIdentifier
_kSecCodeInfoTrust
_kSecCodeInfoUnique
_kSecCodeInfoCodeDirectory
kSecCodeSignatureForceExpiration = 0x0400, /* force certificate expiration checks */
kSecCodeSignatureRestrict = 0x0800, /* restrict dyld loading */
kSecCodeSignatureEnforcement = 0x1000, /* enforce code signing */
+ kSecCodeSignatureLibraryValidation = 0x2000, /* library validation required */
};
#include <security_utilities/unix++.h>
#include <security_utilities/unixchild.h>
#include <Security/SecCertificate.h>
+#include <Security/SecCertificatePriv.h>
#include <vector>
namespace Security {
MacOSError::throwMe(errSecCSInvalidObjectRef);
}
+//
+// Retrieve the team ID from the signing certificate if and only if
+// it is an apple developer signing cert
+//
+std::string SecCodeSigner::getTeamIDFromSigner(CFArrayRef certs)
+{
+ if (mSigner && mSigner != SecIdentityRef(kCFNull)) {
+ CFRef<SecCertificateRef> signerCert;
+ MacOSError::check(SecIdentityCopyCertificate(mSigner, &signerCert.aref()));
+
+ /* Make sure the certificate looks like an Apple certificate, because we do not
+ extract the team ID from a non Apple certificate */
+ if (SecStaticCode::isAppleDeveloperCert(certs)) {
+ CFRef<CFStringRef> teamIDFromCert;
+
+ MacOSError::check(SecCertificateCopySubjectComponent(signerCert.get(), &CSSMOID_OrganizationalUnitName, &teamIDFromCert.aref()));
+
+ if (teamIDFromCert)
+ return cfString(teamIDFromCert);
+ }
+ }
+
+ return "";
+}
//
// Roughly check for validity.
if (CFStringRef ident = get<CFStringRef>(kSecCodeSignerIdentifier))
state.mIdentifier = cfString(ident);
+ if (CFStringRef teamid = get<CFStringRef>(kSecCodeSignerTeamIdentifier))
+ state.mTeamID = cfString(teamid);
+
if (CFStringRef prefix = get<CFStringRef>(kSecCodeSignerIdentifierPrefix))
state.mIdentifierPrefix = cfString(prefix);
void parameters(CFDictionaryRef args); // parse and set parameters
bool valid() const;
+
+ std::string getTeamIDFromSigner(CFArrayRef certs);
void sign(SecStaticCode *code, SecCSFlags flags);
void remove(SecStaticCode *code, SecCSFlags flags);
void returnDetachedSignature(BlobCore *blob, Signer &signer);
-
+
protected:
std::string sdkPath(const std::string &path) const;
bool isAdhoc() const;
CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm
std::string mIdentifier; // unique identifier override
std::string mIdentifierPrefix; // prefix for un-dotted default identifiers
+ std::string mTeamID; // teamID
bool mNoMachO; // override to perform non-Mach-O signing
bool mDryRun; // dry run (do not change target)
CFRef<CFNumberRef> mPageSize; // main executable page size
const CFStringRef kSecCodeInfoRequirementData = CFSTR("requirement-data");
const CFStringRef kSecCodeInfoSource = CFSTR("source");
const CFStringRef kSecCodeInfoStatus = CFSTR("status");
+const CFStringRef kSecCodeInfoTeamIdentifier = CFSTR("teamid");
const CFStringRef kSecCodeInfoTime = CFSTR("signing-time");
const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
extern const CFStringRef kSecCodeInfoRequirementData; /* Requirement */
extern const CFStringRef kSecCodeInfoSource; /* generic */
extern const CFStringRef kSecCodeInfoStatus; /* Dynamic */
+extern const CFStringRef kSecCodeInfoTeamIdentifier; /* Signing */
extern const CFStringRef kSecCodeInfoTime; /* Signing */
extern const CFStringRef kSecCodeInfoTimestamp; /* Signing */
extern const CFStringRef kSecCodeInfoTrust; /* Signing */
const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates");
const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
+const CFStringRef kSecCodeSignerTeamIdentifier = CFSTR("teamidentifier");
// temporary add-back to bridge B&I build dependencies -- remove soon
const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required");
extern const CFStringRef kSecCodeSignerTimestampServer;
extern const CFStringRef kSecCodeSignerTimestampOmitCertificates;
extern const CFStringRef kSecCodeSignerPreserveMetadata;
+extern const CFStringRef kSecCodeSignerTeamIdentifier;
enum {
kSecCodeSignerPreserveIdentifier = 1 << 0, // preserve signing identifier
kSecCodeSignerPreserveEntitlements = 1 << 2, // preserve entitlements
kSecCodeSignerPreserveResourceRules = 1 << 3, // preserve resource rules (and thus resources)
kSecCodeSignerPreserveFlags = 1 << 4, // preserve signing flags
+ kSecCodeSignerPreserveTeamIdentifier = 1 << 5, // preserve team identifier flags
};
#include <security_utilities/unix++.h>
#include <security_utilities/cfmunge.h>
#include <Security/CMSDecoder.h>
+#include <security_utilities/logging.h>
namespace Security {
using namespace UnixPlusPlus;
+// A requirement representing a Mac or iOS dev cert, a Mac or iOS distribution cert, or a developer ID
+static const char WWDRRequirement[] = "anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists "
+ "and ( cert leaf[subject.CN] = \"Mac Developer: \"* or cert leaf[subject.CN] = \"iPhone Developer: \"* )";
+static const char developerID[] = "anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] exists"
+ " and certificate leaf[field.1.2.840.113635.100.6.1.13] exists";
+static const char distributionCertificate[] = "anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.7] exists";
+static const char iPhoneDistributionCert[] = "anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.4] exists";
//
// Map a component slot number to a suitable error code for a failure
SecTrustResultType trustResult;
MacOSError::check(SecTrustEvaluate(mTrust, &trustResult));
MacOSError::check(SecTrustGetResult(mTrust, &trustResult, &mCertChain.aref(), &mEvalDetails));
+
+ // if this is an Apple developer cert....
+ if (teamID() && SecStaticCode::isAppleDeveloperCert(mCertChain)) {
+ CFRef<CFStringRef> teamIDFromCert;
+ if (CFArrayGetCount(mCertChain) > 0) {
+ /* Note that SecCertificateCopySubjectComponent sets the out paramater to NULL if there is no field present */
+ MacOSError::check(SecCertificateCopySubjectComponent((SecCertificateRef)CFArrayGetValueAtIndex(mCertChain, Requirement::leafCert),
+ &CSSMOID_OrganizationalUnitName,
+ &teamIDFromCert.aref()));
+
+ if (teamIDFromCert) {
+ CFRef<CFStringRef> teamIDFromCD = CFStringCreateWithCString(NULL, teamID(), kCFStringEncodingUTF8);
+ if (!teamIDFromCD) {
+ MacOSError::throwMe(errSecCSInternalError);
+ }
+
+ if (CFStringCompare(teamIDFromCert, teamIDFromCD, 0) != kCFCompareEqualTo) {
+ Security::Syslog::error("Team identifier in the signing certificate (%s) does not match the team identifier (%s) in the code directory", cfString(teamIDFromCert).c_str(), teamID());
+ MacOSError::throwMe(errSecCSSignatureInvalid);
+ }
+ }
+ }
+ }
+
CODESIGN_EVAL_STATIC_SIGNATURE_RESULT(this, trustResult, mCertChain ? (int)CFArrayGetCount(mCertChain) : 0);
switch (trustResult) {
case kSecTrustResultProceed:
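Review bot: In the added team-ID block, `SecStaticCode::isAppleDeveloperCert(mCertChain)` is evaluated before the `CFArrayGetCount(mCertChain) > 0` guard, although the trace call right below still treats `mCertChain` as possibly NULL. Whether `isAppleDeveloperCert` tolerates a NULL or empty array is not visible here, so the emptiness test should come first: `if (teamID() && mCertChain && CFArrayGetCount(mCertChain) > 0 && SecStaticCode::isAppleDeveloperCert(mCertChain)) {`. The block also lets the code directory's team ID pass unchecked when the leaf has no OU or the chain is not an Apple developer chain. That deserves a comment such as `// team ID is bound to the certificate only for Apple developer chains; otherwise it is signer-asserted`. The enclosing function starts and ends outside the hunk.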
if (CFAbsoluteTime time = this->signingTimestamp())
if (CFRef<CFDateRef> date = CFDateCreate(NULL, time))
CFDictionaryAddValue(dict, kSecCodeInfoTimestamp, date);
+ if (const char *teamID = this->teamID())
+ CFDictionaryAddValue(dict, kSecCodeInfoTeamIdentifier, CFTempString(teamID));
} catch (...) { }
//
if (ctx.offset != activeOffset) { // inactive architecture; check it
SecPointer<SecStaticCode> subcode = new SecStaticCode(DiskRep::bestGuess(this->mainExecutablePath(), &ctx));
subcode->detachedSignature(this->mDetachedSig); // carry over explicit (but not implicit) detached signature
+ if (this->teamID() == NULL || subcode->teamID() == NULL) {
+ if (this->teamID() != subcode->teamID())
+ MacOSError::throwMe(errSecCSSignatureInvalid);
+ } else if (strcmp(this->teamID(), subcode->teamID()) != 0)
+ MacOSError::throwMe(errSecCSSignatureInvalid);
handle(subcode);
}
}
}
}
+//
+// A method that takes a certificate chain (certs) and evaluates
+// if it is a Mac or IPhone developer cert, an app store distribution cert,
+// or a developer ID
+//
+bool SecStaticCode::isAppleDeveloperCert(CFArrayRef certs)
+{
+ static const std::string appleDeveloperRequirement = "(" + std::string(WWDRRequirement) + ") or (" + developerID + ") or (" + distributionCertificate + ") or (" + iPhoneDistributionCert + ")";
+ SecRequirement *req = new SecRequirement(parseRequirement(appleDeveloperRequirement), true);
+ Requirement::Context ctx(certs, NULL, NULL, "", NULL);
+
+ return req->requirement()->validates(ctx);
+}
} // end namespace CodeSigning
} // end namespace Security
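Review bot: `isAppleDeveloperCert` allocates a `SecRequirement` with `new` on every call and never releases it, so each signing or validation pass that reaches it leaks one object. Hold it in the smart pointer this change already uses for `subcode`, `SecPointer<SecRequirement> req = new SecRequirement(parseRequirement(appleDeveloperRequirement), true);`, or build it once next to the static requirement string. The requirement text is constant, yet it is re-parsed on every call, which is avoidable work on the validation path.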
std::string mainExecutablePath() { return mRep->mainExecutablePath(); }
CFURLRef canonicalPath() const { return mRep->canonicalPath(); }
std::string identifier() { return codeDirectory()->identifier(); }
+ const char *teamID() { return codeDirectory()->teamID(); }
std::string format() const { return mRep->format(); }
std::string signatureSource();
virtual CFDataRef component(CodeDirectory::SpecialSlot slot, OSStatus fail = errSecCSSignatureFailed);
CFDictionaryRef signingInformation(SecCSFlags flags); // omnibus information-gathering API (creates new dictionary)
+ static bool isAppleDeveloperCert(CFArrayRef certs); // determines if this is an apple developer certificate for libraray validation
+
public:
void staticValidate(SecCSFlags flags, const SecRequirement *req);
void staticValidateCore(SecCSFlags flags, const SecRequirement *req);
-
+
protected:
CFDictionaryRef getDictionary(CodeDirectory::SpecialSlot slot, bool check = true); // component value as a dictionary
bool verifySignature();
return mScatter;
}
+// This calculates the fixed size of the code directory
+// Because of <rdar://problem/16102695>, if the team ID
+// field is not used, we leave out the team ID offset
+// as well, to keep cd hashes consistent between
+// versions.
+const size_t CodeDirectory::Builder::fixedSize(const uint32_t version)
+{
+ size_t cdSize = sizeof(CodeDirectory);
+ if (version < supportsTeamID)
+ cdSize -= sizeof(mDir->teamIDOffset);
+
+ return cdSize;
+}
//
// Calculate the size we'll need for the CodeDirectory as described so far
//
-size_t CodeDirectory::Builder::size()
+size_t CodeDirectory::Builder::size(const uint32_t version)
{
assert(mExec); // must have called executable()
if (mExecLength == 0)
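Review bot: `fixedSize` derives the pre-2.2 header size by subtracting `sizeof(mDir->teamIDOffset)` from `sizeof(CodeDirectory)`, which is correct only while `teamIDOffset` is the last fixed field of the struct. The header comment should say so, e.g. `// NOTE: relies on teamIDOffset being the final fixed header field; revisit when adding fields`, because a silent mismatch here changes cdhashes. The `const` on the by-value `size_t` return type has no effect and can be dropped from the definition and its declaration. `size(version)` trusts the caller to pass a version consistent with `mTeamID`, where `build()` derives it itself; sharing one private helper for that choice would keep the two in step. The body of `size()` continues outside the hunk.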
mCodeSlots = (mExecLength + mPageSize - 1) / mPageSize; // round up
}
- size_t offset = sizeof(CodeDirectory);
+ size_t offset = fixedSize(version);
+
offset += mScatterSize; // scatter vector
offset += mIdentifier.size() + 1; // size of identifier (with null byte)
+ if (mTeamID.size())
+ offset += mTeamID.size() + 1; // size of teamID (with null byte)
offset += (mCodeSlots + mSpecialSlots) * mDigestLength; // hash vector
+
return offset;
}
CodeDirectory *CodeDirectory::Builder::build()
{
assert(mExec); // must have (successfully) called executable()
-
+ uint32_t version;
+
// size and allocate
size_t identLength = mIdentifier.size() + 1;
- size_t total = size();
+ size_t teamIDLength = mTeamID.size() + 1;
+
+ // Determine the version
+ if (mTeamID.size()) {
+ version = currentVersion;
+ } else {
+ version = supportsScatter;
+ }
+
+ size_t total = size(version);
if (!(mDir = (CodeDirectory *)calloc(1, total))) // initialize to zero
UnixError::throwMe(ENOMEM);
// fill header
mDir->initialize(total);
- mDir->version = currentVersion;
+ mDir->version = version;
mDir->flags = mFlags;
mDir->nSpecialSlots = (uint32_t)mSpecialSlots;
mDir->nCodeSlots = (uint32_t)mCodeSlots;
mDir->pageSize = 0; // means infinite page size
// locate and fill flex fields
- size_t offset = sizeof(CodeDirectory);
-
+ size_t offset = fixedSize(mDir->version);
+
if (mScatter) {
mDir->scatterOffset = (uint32_t)offset;
memcpy(mDir->scatterVector(), mScatter, mScatterSize);
mDir->identOffset = (uint32_t)offset;
memcpy(mDir->identifier(), mIdentifier.c_str(), identLength);
offset += identLength;
-
+
+ if (mTeamID.size()) {
+ mDir->teamIDOffset = (uint32_t)offset;
+ memcpy(mDir->teamID(), mTeamID.c_str(), teamIDLength);
+ offset += teamIDLength;
+ }
// (add new flexibly-allocated fields here)
mDir->hashOffset = (uint32_t)(offset + mSpecialSlots * mDigestLength);
void specialSlot(SpecialSlot slot, CFDataRef data);
void identifier(const std::string &code) { mIdentifier = code; }
+ void teamID(const std::string &team) { mTeamID = team; }
void flags(uint32_t f) { mFlags = f; }
Scatter *scatter(unsigned count); // allocate that many scatter elements (w/o sentinel)
Scatter *scatter() { return mScatter; } // return already allocated scatter vector
- size_t size(); // calculate size
+ size_t size(const uint32_t version); // calculate size
CodeDirectory *build(); // build CodeDirectory and return it
+ const size_t fixedSize(const uint32_t version); // calculate fixed size of the CodeDirectory
DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
uint32_t mHashType; // digest algorithm code
uint32_t mDigestLength; // number of bytes in a single glue digest
std::string mIdentifier; // canonical identifier
+ std::string mTeamID; // team identifier
size_t mSpecialSlots; // highest special slot set
size_t mCodeSlots; // number of code pages (slots)
// now check interior offsets for validity
if (!stringAt(identOffset))
MacOSError::throwMe(errSecCSSignatureFailed); // identifier out of blob range
+ if (version >= supportsTeamID && teamIDOffset != 0 && !stringAt(teamIDOffset))
+ MacOSError::throwMe(errSecCSSignatureFailed); // identifier out of blob range
if (!contains(hashOffset - int64_t(hashSize) * nSpecialSlots, hashSize * (int64_t(nSpecialSlots) + nCodeSlots)))
MacOSError::throwMe(errSecCSSignatureFailed); // hash array out of blob range
if (const Scatter *scatter = this->scatterVector()) {
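Review bot: The new team-ID bounds check carries the comment copied from the identifier check above it, `// identifier out of blob range`. It should read `// team ID out of blob range` so a failure is attributed to the right field. Whether `stringAt` also rejects an offset that points back into the fixed header or overlaps the identifier is not visible in this hunk, so a short comment stating what the check guarantees would help. The body of `checkIntegrity` continues outside the hunk.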
{ "expires", kSecCodeSignatureForceExpiration, true },
{ "restrict", kSecCodeSignatureRestrict, true },
{ "enforcement", kSecCodeSignatureEnforcement, true },
+ { "library-validation", kSecCodeSignatureLibraryValidation, true },
{ NULL }
};
uint8_t pageSize; // log2(page size in bytes); 0 => infinite
Endian<uint32_t> spare2; // unused (must be zero)
Endian<uint32_t> scatterOffset; // offset of optional scatter vector (zero if absent)
+ Endian<uint32_t> teamIDOffset; // offset of optional teamID string
// works with the version field; see comments above
- static const uint32_t currentVersion = 0x20100; // "version 2.1"
+ static const uint32_t currentVersion = 0x20200; // "version 2.2"
static const uint32_t compatibilityLimit = 0x2F000; // "version 3 with wiggle room"
static const uint32_t earliestVersion = 0x20001; // earliest supported version
static const uint32_t supportsScatter = 0x20100; // first version to support scatter option
+ static const uint32_t supportsTeamID = 0x20200; // first version to support team ID option
void checkIntegrity() const; // throws if inconsistent or unsupported version
const char *identifier() const { return at<const char>(identOffset); }
char *identifier() { return at<char>(identOffset); }
-
+
// main hash array access
SpecialSlot maxSpecialSlot() const;
{ return (version >= supportsScatter && scatterOffset) ? at<Scatter>(scatterOffset) : NULL; }
const Scatter *scatterVector() const
{ return (version >= supportsScatter && scatterOffset) ? at<const Scatter>(scatterOffset) : NULL; }
-
+
+ const char *teamID() const { return version >= supportsTeamID && teamIDOffset ? at<const char>(teamIDOffset) : NULL; }
+ char *teamID() { return version >= supportsTeamID && teamIDOffset ? at<char>(teamIDOffset) : NULL; }
+
public:
bool validateSlot(const void *data, size_t size, Slot slot) const; // validate memory buffer against page slot
bool validateSlot(UnixPlusPlus::FileDesc fd, size_t size, Slot slot) const; // read and validate file
{
rep = code->diskRep()->base();
this->prepare(flags);
-
+
PreSigningContext context(*this);
+
+ /* If an explicit teamID was passed in it must be
+ the same as what came from the cert */
+ std::string teamIDFromCert = state.getTeamIDFromSigner(context.certs);
+
+ if (state.mPreserveMetadata & kSecCodeSignerPreserveTeamIdentifier) {
+ /* If preserving the team identifier, teamID is set previously when the
+ code object is still available */
+ if (!teamIDFromCert.empty() && teamID != teamIDFromCert)
+ MacOSError::throwMe(errSecCSInvalidFlags);
+ } else {
+ if (teamIDFromCert.empty()) {
+ /* state.mTeamID is an explicitly passed teamID */
+ teamID = state.mTeamID;
+ } else if (state.mTeamID.empty() || (state.mTeamID == teamIDFromCert)) {
+ /* If there was no explicit team ID set, or the explicit team ID matches
+ what is in the cert, use the team ID from the certificate */
+ teamID = teamIDFromCert;
+ } else {
+ /* The caller passed in an explicit team ID that does not match what is
+ in the signing cert, which is an invalid usage */
+ MacOSError::throwMe(errSecCSInvalidFlags);
+ }
+ }
+
if (Universal *fat = state.mNoMachO ? NULL : rep->mainExecutableImage()) {
signMachO(fat, context);
} else {
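Review bot: The comment `If an explicit teamID was passed in it must be the same as what came from the cert` overstates what the code enforces. When `getTeamIDFromSigner` returns an empty string (no signer, or the signer is not an Apple developer certificate), `state.mTeamID` is written into the signature as given, and in the preserve branch the inherited `teamID` is kept unchecked. Reword it along the lines of `/* A team ID taken from an Apple developer cert must match any explicit or preserved one; with any other signer the team ID is caller-asserted */`, so readers do not treat the embedded value as certificate-backed. `errSecCSInvalidFlags` is also an unspecific status for a team-ID mismatch, and a log line naming both values, as the validation side does, would make the failure diagnosable. The enclosing function starts and ends outside the hunk.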
} else
secdebug("signer", "using explicit identifier=%s", identifier.c_str());
+ teamID = state.mTeamID;
+ if (teamID.empty() && (inherit & kSecCodeSignerPreserveTeamIdentifier)) {
+ const char *c_id = code->teamID();
+ if (c_id)
+ teamID = c_id;
+ }
+
entitlements = state.mEntitlementData;
if (!entitlements && (inherit & kSecCodeSignerPreserveEntitlements))
entitlements = code->component(cdEntitlementSlot);
}
// prepare SuperBlob size estimate
- size_t cdSize = arch.cdbuilder.size();
+ size_t cdSize = arch.cdbuilder.size(CodeDirectory::currentVersion);
arch.blobSize = arch.size(cdSize, state.mCMSSize, 0);
}
builder.executable(rep->mainExecutablePath(), pagesize, offset, length);
builder.flags(cdFlags);
builder.identifier(identifier);
-
+ builder.teamID(teamID);
+
if (CFRef<CFDataRef> data = rep->component(cdInfoSlot))
builder.specialSlot(cdInfoSlot, data);
if (ireqs) {
CFRef<CFDictionaryRef> resourceDirectory; // resource directory
CFRef<CFDataRef> resourceDictData; // XML form of resourceDirectory
std::string identifier; // signing identifier
+ std::string teamID; // team identifier
CFRef<CFDataRef> entitlements; // entitlements
uint32_t cdFlags; // CodeDirectory flags
const Requirements *requirements; // internal requirements ready-to-use
/* Encoding is kCFStringEncodingUTF8 since the string is either
PRINTABLE_STRING, IA5_STRING, T61_STRING or PKIX_UTF8_STRING. */
CFStringRef string = CFStringCreateWithBytes(NULL, it->Data, static_cast<CFIndex>(it->Length), kCFStringEncodingUTF8, true);
+ /* Be prepared for improperly formatted (non-UTF8) strings! */
+ if (!string) continue;
CFArrayAppendValue(array, string);
CFRelease(string);
}
/* Encoding is kCFStringEncodingUTF8 since the string is either
PRINTABLE_STRING, IA5_STRING, T61_STRING or PKIX_UTF8_STRING. */
CFStringRef string = CFStringCreateWithBytes(NULL, it->Data, static_cast<CFIndex>(it->Length), kCFStringEncodingUTF8, true);
+ /* Be prepared for improperly formatted (non-UTF8) strings! */
+ if (!string) continue;
CFArrayAppendValue(array, string);
CFRelease(string);
}
* using a block cipher.
*/
kSSLSessionOptionSendOneByteRecord,
+ /*
+ * Allow/Disallow server identity change on renegotiation. Disallow by default
+ * to avoid Triple Handshake attack.
+ */
+ kSSLSessionOptionAllowServerIdentityChange,
} SSLSessionOption;
size_t listLen, certLen;
UInt8 *p;
OSStatus err;
-#ifdef USE_SSLCERTIFICATE
- SSLCertificate *cert;
-#else
CFMutableArrayRef certChain = NULL;
SecCertificateRef cert;
-#endif
p = message.data;
listLen = SSLDecodeInt(p,3);
}
while (listLen > 0)
- { certLen = SSLDecodeInt(p,3);
+ {
+ if (listLen < 3) {
+ sslErrorLog("SSLProcessCertificate: length decode error 2\n");
+ return errSSLProtocol;
+ }
+ certLen = SSLDecodeInt(p,3);
p += 3;
if (listLen < certLen + 3) {
- sslErrorLog("SSLProcessCertificate: length decode error 2\n");
+ sslErrorLog("SSLProcessCertificate: length decode error 3\n");
return errSSLProtocol;
}
-#ifdef USE_SSLCERTIFICATE
- cert = (SSLCertificate *)sslMalloc(sizeof(SSLCertificate));
- if(cert == NULL) {
- return errSecAllocate;
- }
- if ((err = SSLAllocBuffer(&cert->derCert, certLen)
- { sslFree(cert);
- return err;
- }
- memcpy(cert->derCert.data, p, certLen);
- p += certLen;
- cert->next = ctx->peerCert; /* Insert backwards; root cert
- * will be first in linked list */
- ctx->peerCert = cert;
-#else
if (!certChain) {
certChain = CFArrayCreateMutable(kCFAllocatorDefault, 0,
&kCFTypeArrayCallBacks);
if (certChain == NULL) {
return errSecAllocate;
}
- if (ctx->peerCert) {
- sslDebugLog("SSLProcessCertificate: releasing existing cert chain\n");
- CFRelease(ctx->peerCert);
- }
- ctx->peerCert = certChain;
}
cert = SecCertificateCreateWithBytes(NULL, p, certLen);
#if SSL_DEBUG && !TARGET_OS_IPHONE
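Review bot: Both `return errSSLProtocol` exits inside the loop (the new `listLen < 3` check and the `listLen < certLen + 3` check) now drop the array built by earlier iterations. This is because `certChain` stays local until after the loop instead of being stored in `ctx->peerCert` when it is created. A peer controls whether those paths are taken, so each should release first, e.g. `if (certChain) CFRelease(certChain);` ahead of the return. Any error return after `SecCertificateCreateWithBytes` that lies outside this hunk needs the same treatment. The loop body continues outside the hunk.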
/* Insert forwards; root cert will be last in linked list */
CFArrayAppendValue(certChain, cert);
CFRelease(cert);
-#endif
listLen -= 3+certLen;
}
assert(p == message.data + message.length && listLen == 0);
+ if (ctx->protocolSide == kSSLClientSide && ctx->peerCert && !ctx->allowServerIdentityChange) {
+ // Do not accept a different server cert during renegotiation unless allowed.
+ if((certChain!=NULL) && !CFEqual(ctx->peerCert, certChain))
+ {
+ CFRelease(certChain);
+ sslErrorLog("Illegal server identity change during renegotiation\n");
+ return errSSLProtocol;
+ }
+ }
+
+ // Replace old cert with new cert.
+ if (ctx->peerCert) {
+ sslDebugLog("SSLProcessCertificate: releasing existing cert chain\n");
+ CFRelease(ctx->peerCert);
+ }
+
+ ctx->peerCert = certChain;
+
if (!ctx->peerCert) {
/* this *might* be OK... */
if((ctx->protocolSide == kSSLServerSide) &&
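Review bot: The identity-change guard is skipped whenever `certChain` is NULL, so on the client side a renegotiation Certificate message with an empty list replaces the stored `ctx->peerCert` with NULL without tripping the check. What the following `if (!ctx->peerCert)` block does for a client is cut off here, so confirm it fails the handshake. Treating a missing chain as a change is the safer form: `if (certChain == NULL || !CFEqual(ctx->peerCert, certChain))` with `if (certChain) CFRelease(certChain);` in the body. `CFEqual` presumably compares the arrays as a whole, so a server that resends the same leaf with different intermediates would be rejected. A comment stating that this strictness is intended would save the next reader the question.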
}
}
+
+
if((err = sslVerifyCertChain(ctx, ctx->peerCert, true)) != 0) {
AlertDescription desc;
switch(err) {
static CFTypeID kSSLContextTypeID;
int kSplitDefaultValue;
+bool kAllowServerIdentityChangeDefaultValue;
static void _sslContextDestroy(CFTypeRef arg);
static Boolean _sslContextEqual(CFTypeRef a, CFTypeRef b);
/* 0 = disabled, 1 = split every write, 2 = split second and subsequent writes */
/* Enabled by default, this make cause some interop issues, see <rdar://problem/12307662> and <rdar://problem/12323307> */
const int defaultSplitDefaultValue = 2;
-
+ //To change:
+ //sudo defaults write /Library/Preferences/com.apple.security SSLWriteSplit -int 0
CFTypeRef value = (CFTypeRef)CFPreferencesCopyValue(CFSTR("SSLWriteSplit"),
CFSTR("com.apple.security"),
kCFPreferencesAnyUser,
- kCFPreferencesAnyHost);
+ kCFPreferencesCurrentHost);
if (value) {
if (CFGetTypeID(value) == CFBooleanGetTypeID())
kSplitDefaultValue = CFBooleanGetValue((CFBooleanRef)value) ? 1 : 0;
else {
kSplitDefaultValue = defaultSplitDefaultValue;
}
+
+
+ /* 0 = disallowed, 1 = allowed */
+ /* Disallowed by default */
+ const bool defaultValue = false;
+ //To change:
+ //sudo defaults write /Library/Preferences/com.apple.security SSLAllowServerIdentityChange -bool YES
+ value = (CFTypeRef)CFPreferencesCopyValue(CFSTR("SSLAllowServerIdentityChange"),
+ CFSTR("com.apple.security"),
+ kCFPreferencesAnyUser,
+ kCFPreferencesCurrentHost);
+ if (value) {
+ if (CFGetTypeID(value) == CFBooleanGetTypeID())
+ kAllowServerIdentityChangeDefaultValue = CFBooleanGetValue((CFBooleanRef)value);
+ else if (CFGetTypeID(value) == CFNumberGetTypeID()) {
+ int localValue;
+ if (!CFNumberGetValue((CFNumberRef)value, kCFNumberIntType, &localValue)) {
+ kAllowServerIdentityChangeDefaultValue = defaultValue;
+ } else {
+ kAllowServerIdentityChangeDefaultValue = localValue;
+ }
+ }
+ CFRelease(value);
+ }
+ else {
+ kAllowServerIdentityChangeDefaultValue = defaultValue;
+ }
}
static void _SSLContextRegisterClass()
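Review bot: In the CFNumber branch the int is assigned straight into a bool (`kAllowServerIdentityChangeDefaultValue = localValue;`), so any non-zero preference value such as 2 or -1 turns the option on, although the comment above it documents only 0 and 1. Because this preference relaxes a check that is disallowed by default, accepting only the documented value is safer: `kAllowServerIdentityChangeDefaultValue = (localValue == 1);`. A stored value that is neither CFBoolean nor CFNumber leaves the global unassigned. It presumably stays false through static zero-initialisation, but a trailing `else kAllowServerIdentityChangeDefaultValue = defaultValue;` inside the `if (value)` block would make that explicit. The enclosing function begins outside the hunk.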
/* Default for sending one-byte app data record is DISABLED */
ctx->oneByteRecordEnable = false;
+ /* Default for allowing server identity change on renegotiation is FALSE */
+ ctx->allowServerIdentityChange = false;
+
/* Consult global system preference for default behavior:
* 0 = disabled, 1 = split every write, 2 = split second and subsequent writes
* (caller can override by setting kSSLSessionOptionSendOneByteRecord)
pthread_once(&sReadDefault, _SSLContextReadDefault);
if (kSplitDefaultValue > 0)
ctx->oneByteRecordEnable = true;
+ if (kAllowServerIdentityChangeDefaultValue>0)
+ ctx->allowServerIdentityChange = true;
/* default for anonymous ciphers is DISABLED */
ctx->anonCipherEnable = false;
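Review bot: `if (kAllowServerIdentityChangeDefaultValue>0)` compares a `bool` against zero, a form carried over from the `int` check on `kSplitDefaultValue` just above; `if (kAllowServerIdentityChangeDefaultValue)` states the intent directly. The added check also has no comment of its own, and the existing comment block describes only the write-split preference. I would add `/* System-wide SSLAllowServerIdentityChange preference; caller can override with kSSLSessionOptionAllowServerIdentityChange */` above it, so a reader can see that a host-level setting can switch the renegotiation identity check off for every new context. The surrounding function starts and ends outside the hunk.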
case kSSLSessionOptionFalseStart:
context->falseStartEnabled = value;
break;
+ case kSSLSessionOptionAllowServerIdentityChange:
+ context->allowServerIdentityChange = value;
+ break;
default:
return errSecParam;
}
Boolean rsaBlindingEnable;
Boolean oneByteRecordEnable; /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
Boolean wroteAppData; /* at least one write completed with current writeCipher */
+ Boolean allowServerIdentityChange; /* allow server identity change on renegotiation
+ disallowed by default to avoid triple handshake attack */
/* optional session cache timeout (in seconds) override - 0 means default */
uint32_t sessionCacheTimeout;
{ OPENSSL_SERVER, 4000, 0, false}, //openssl s_server w/o client side auth
{ GNUTLS_SERVER, 5000, 1, false}, // gnutls-serv w/o client side auth
{ "www.mikestoolbox.org", 442, 2, false}, // mike's w/o client side auth
-// { "tls.secg.org", 40022, 3, false}, // secg ecc server w/o client side auth
+// { "tls.secg.org", 40022, 3, false}, // secg ecc server w/o client side auth - This server generate DH params we dont support.
{ OPENSSL_SERVER, 4010, 0, true}, //openssl s_server w/ client side auth
{ GNUTLS_SERVER, 5010, 1, true}, // gnutls-serv w/ client side auth
roots=/var/tmp
project=Security
-~rc/bin/buildit . --rootsDirectory=/var/tmp -noverify -release iOS -project $project -archive -dsymsInDstroot \
+~rc/bin/buildit . --rootsDirectory=/var/tmp -noverify -project $project -archive -dsymsInDstroot \
-target $target \
-configuration $config || { echo 'build failed' ; exit 1; }
require(ccder_decode_tag(&tag, der, der_end),fail);
switch (tag) {
- case CCDER_OCTET_STRING:
+ case CCDER_OCTET_STRING:
{
der = der_decode_data(kCFAllocatorDefault, 0, &otr_data, error, der, der_end);
p->waitingForDataPacket = false;
"Found the item we added after restore");
CFReleaseNull(backup);
+ // force tombstone to be added, since it's not the default behavior in Innsbruck per rdar://14680869
CFDictionaryAddValue(query, kSecUseTombstones, kCFBooleanTrue);
ok_status(SecItemDelete(query), "Deleted item we added");
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+ version = "1.0">
+ <FileRef
+ location = "self:sec.xcodeproj">
+ </FileRef>
+</Workspace>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>IDESourceControlProjectFavoriteDictionaryKey</key>
+ <false/>
+ <key>IDESourceControlProjectIdentifier</key>
+ <string>55BE31B1-4B75-46C3-99C0-AC509F5CE8EA</string>
+ <key>IDESourceControlProjectName</key>
+ <string>sec</string>
+ <key>IDESourceControlProjectOriginsDictionary</key>
+ <dict>
+ <key>B1756FC7-4092-4712-B882-FDA75264D61A</key>
+ <string>git.apple.com:/git/projects/secmodules/sec</string>
+ </dict>
+ <key>IDESourceControlProjectPath</key>
+ <string>sec.xcodeproj/project.xcworkspace</string>
+ <key>IDESourceControlProjectRelativeInstallPathDictionary</key>
+ <dict>
+ <key>B1756FC7-4092-4712-B882-FDA75264D61A</key>
+ <string>../..</string>
+ </dict>
+ <key>IDESourceControlProjectURL</key>
+ <string>git.apple.com:/git/projects/secmodules/sec</string>
+ <key>IDESourceControlProjectVersion</key>
+ <integer>110</integer>
+ <key>IDESourceControlProjectWCCIdentifier</key>
+ <string>B1756FC7-4092-4712-B882-FDA75264D61A</string>
+ <key>IDESourceControlProjectWCConfigurations</key>
+ <array>
+ <dict>
+ <key>IDESourceControlRepositoryExtensionIdentifierKey</key>
+ <string>public.vcs.git</string>
+ <key>IDESourceControlWCCIdentifierKey</key>
+ <string>B1756FC7-4092-4712-B882-FDA75264D61A</string>
+ <key>IDESourceControlWCCName</key>
+ <string>sec</string>
+ </dict>
+ </array>
+</dict>
+</plist>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E7CBDB711890BD810010B75B"
+ BuildableName = "libCPSRegresssions.a"
+ BlueprintName = "libCPSRegresssions"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "5284029F164445760035F320"
+ BuildableName = "libCloudKeychainProxy.a"
+ BlueprintName = "libCloudKeychainProxy"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E7CBDB911890BF350010B75B"
+ BuildableName = "libCloudProtection.a"
+ BlueprintName = "libCloudProtection"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E7FEFB82169E363300E18152"
+ BuildableName = "libSOSCommands.a"
+ BlueprintName = "libSOSCommands"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E702E75714E1F48800CDE635"
+ BuildableName = "libSOSRegressions.a"
+ BlueprintName = "libSOSRegressions"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "186CDD0E14CA116C00AF9171"
+ BuildableName = "libSecItemShimOSX.a"
+ BlueprintName = "libSecItemShimOSX"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "4A5CCA4E15ACEFA500702357"
+ BuildableName = "libSecOtrOSX.a"
+ BlueprintName = "libSecOtrOSX"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E702E73514E1F3EA00CDE635"
+ BuildableName = "libSecureObjectSync.a"
+ BlueprintName = "libSecureObjectSync"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E7104A12169E216E00DB0045"
+ BuildableName = "libSecurityCommands.a"
+ BlueprintName = "libSecurityCommands"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "4A824AFB158FF07000F932C0"
+ BuildableName = "libSecurityRegressions.a"
+ BlueprintName = "libSecurityRegressions"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "E71049F1169E023B00DB0045"
+ BuildableName = "libSecurityTool.a"
+ BlueprintName = "libSecurityTool"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "0C0BDB55175687EC00BC1A7E"
+ BuildableName = "libsecdRegressions.a"
+ BlueprintName = "libsecdRegressions"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "18270F5414CF651900B05E7F"
+ BuildableName = "libsecipc_client.a"
+ BlueprintName = "libsecipc_client"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "18D4043414CE0CF300A2BE4E"
+ BuildableName = "libsecurity.a"
+ BlueprintName = "libsecurity"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "18D4056114CE53C200A2BE4E"
+ BuildableName = "libsecurityd.a"
+ BlueprintName = "libsecurityd"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ LastUpgradeVersion = "0600"
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "4CC92AC215A3BC6B00C6D578"
+ BuildableName = "libsecuritydRegressions.a"
+ BlueprintName = "libsecuritydRegressions"
+ ReferencedContainer = "container:sec.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Debug">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Debug"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Release"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Debug">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Release"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>SchemeUserState</key>
+ <dict>
+ <key>libCPSRegresssions.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>15</integer>
+ </dict>
+ <key>libCloudKeychainProxy.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>9</integer>
+ </dict>
+ <key>libCloudProtection.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>14</integer>
+ </dict>
+ <key>libSOSCommands.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>12</integer>
+ </dict>
+ <key>libSOSRegressions.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>5</integer>
+ </dict>
+ <key>libSecItemShimOSX.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>2</integer>
+ </dict>
+ <key>libSecOtrOSX.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>8</integer>
+ </dict>
+ <key>libSecureObjectSync.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>4</integer>
+ </dict>
+ <key>libSecurityCommands.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>11</integer>
+ </dict>
+ <key>libSecurityRegressions.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>6</integer>
+ </dict>
+ <key>libSecurityTool.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>10</integer>
+ </dict>
+ <key>libsecdRegressions.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>13</integer>
+ </dict>
+ <key>libsecipc_client.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>3</integer>
+ </dict>
+ <key>libsecurity.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>0</integer>
+ </dict>
+ <key>libsecurityd.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>1</integer>
+ </dict>
+ <key>libsecuritydRegressions.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>7</integer>
+ </dict>
+ </dict>
+ <key>SuppressBuildableAutocreation</key>
+ <dict>
+ <key>0C0BDB55175687EC00BC1A7E</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>18270F5414CF651900B05E7F</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>186CDD0E14CA116C00AF9171</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>18D4043414CE0CF300A2BE4E</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>18D4056114CE53C200A2BE4E</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>4A5CCA4E15ACEFA500702357</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>4A824AFB158FF07000F932C0</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>4CC92AC215A3BC6B00C6D578</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>5284029F164445760035F320</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E702E73514E1F3EA00CDE635</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E702E75714E1F48800CDE635</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E71049F1169E023B00DB0045</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E7104A12169E216E00DB0045</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E7CBDB711890BD810010B75B</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E7CBDB911890BF350010B75B</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>E7FEFB82169E363300E18152</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ </dict>
+</dict>
+</plist>
// Both in circle.
+ // Emulation of <rdar://problem/13919554> Innsbruck11A368 +Roots: Device A was removed when Device B joined.
+
// We want Alice to leave circle while an Applicant on a full concordance signed circle with old-Alice as an Alum and Bob a peer.
// ZZZ
ok(SOSAccountLeaveCircles(alice_account, &error), "Alice leaves once more (%@)", error);
the script in the main table.
{pre,main,post, reencode} */
static struct sql_stages s3dl_upgrade_script[] = {
- { -1, 0, 1, false },/* 0->current: Create version 6 database. */
- {}, /* 1->current: Upgrade to version 6 from version 1 -- Unsupported. */
- {}, /* 2->current: Upgrade to version 6 from version 2 -- Unsupported */
- {}, /* 3->current: Upgrade to version 6 from version 3 -- Unsupported */
- {}, /* 4->current: Upgrade to version 6 from version 4 -- Unsupported */
- { 3, 0, 7, true }, /* 5->current: Upgrade to version 6 from version 5 */
+ { -1, 0, 1, false },/* 0->current: Create version 6 (Innsbruck) database. */
+ {}, /* 1->current: Upgrade to version 6 from version 1 (LittleBear) -- Unsupported. */
+ {}, /* 2->current: Upgrade to version 6 from version 2 (BigBearBeta) -- Unsupported */
+ {}, /* 3->current: Upgrade to version 6 from version 3 (Apex) -- Unsupported */
+ {}, /* 4->current: Upgrade to version 6 from version 4 (Telluride) -- Unsupported */
+ { 3, 0, 7, true }, /* 5->current: Upgrade to version 6 from version 5 (TellurideGM). */
};
static bool sql_run_script(SecDbConnectionRef dbt, int number, CFErrorRef *error)
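Review bot: The rows for versions 1 to 4 are marked unsupported only by an empty `{}` initializer, which zero-fills every stage field, while row 0 uses `-1` for "no script" and `0` as a real script number in the main column. Nothing in the hunk says which field the upgrade code checks to recognise an unsupported row, or what happens to an existing database found at one of those versions; the table comment that may cover this starts above the hunk. Since this change only touches the comments, it is a good place to state that, e.g. `{}, /* 1->current: version 1 (LittleBear) -- Unsupported: <what the upgrade path does with such a db> */`. As a style point, the trailing periods are inconsistent across the rows, and writing the rows as `{ 0 }` would avoid the empty-initializer extension if this file is built as C before C23.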