Security-54.1.tar.gz

diff --git a/AppleCSP/CVSVersionInfo.txt b/AppleCSP/CVSVersionInfo.txt
index e4d9558ee1a0ea49327e32fa22247c91129234ac..a64d2a384dce8e370c31187743d65287eb506e31 100644 (file)
--- a/AppleCSP/CVSVersionInfo.txt
+++ b/AppleCSP/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:47 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: AppleCSP
 ProjectVersion: 16

diff --git a/AppleCSPDL/CVSVersionInfo.txt b/AppleCSPDL/CVSVersionInfo.txt
index 2bc0c2dbb080d87f387254def97dcb0575580e63..f6d2ca5741fc4cc3102b0267c1df102feca8ebfe 100644 (file)
--- a/AppleCSPDL/CVSVersionInfo.txt
+++ b/AppleCSPDL/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:51 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: AppleCSPDL
 ProjectVersion: 15

diff --git a/AppleDL/CVSVersionInfo.txt b/AppleDL/CVSVersionInfo.txt
index 60b809569d1dc336e12754bcf278e95519808d3c..597b0ad9e486dff1888595d054dfa459b858660d 100644 (file)
--- a/AppleDL/CVSVersionInfo.txt
+++ b/AppleDL/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: AppleDL
 ProjectVersion: 13

diff --git a/AppleX509CL/CVSVersionInfo.txt b/AppleX509CL/CVSVersionInfo.txt
index 2f45cd473c51eb23d7d0e354f089a78d4daa4670..de7bab22484eb69874d81be0a27ff64ef77118f4 100644 (file)
--- a/AppleX509CL/CVSVersionInfo.txt
+++ b/AppleX509CL/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: AppleX509CL
 ProjectVersion: 3

diff --git a/AppleX509TP/CVSVersionInfo.txt b/AppleX509TP/CVSVersionInfo.txt
index 5d71b6edf49fd655b6dafabdbd90381d4809f246..124d1150dc8cac2c01af2bd5d195915f1e518dda 100644 (file)
--- a/AppleX509TP/CVSVersionInfo.txt
+++ b/AppleX509TP/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: AppleX509TP
 ProjectVersion: 3

diff --git a/AppleX509TP/tpPolicies.cpp b/AppleX509TP/tpPolicies.cpp
index 36d8e06fb3002253eb6984aef899e21910423641..80cf08620cb9b769ae7314ec986f7f4fe4a8aefe 100644 (file)
--- a/AppleX509TP/tpPolicies.cpp
+++ b/AppleX509TP/tpPolicies.cpp
@@ -765,9 +765,9 @@ CSSM_RETURN tp_policyVerify(
                                        case kTP_SSL:
                                                /* 
                                                 * not present, not leaf, not root, kTPx509Basic 
-                                                * ....OK; infer as true 
+                                                * ....RFC2459 says this can not be a CA 
                                                 */
-                                               cA = CSSM_TRUE;
+                                               cA = CSSM_FALSE;
                                                break;
                                        case kTPiSign:
                                                /* required for iSign in this position */
@@ -793,7 +793,28 @@ CSSM_RETURN tp_policyVerify(
                                thisTpCertInfo->addStatusCode(CSSMERR_TP_VERIFY_ACTION_FAILED);
                        }
                        #endif  /* BASIC_CONSTRAINTS_MUST_BE_CRITICAL */
-                       cA = thisCertInfo->basicConstraints.extnData->basicConstraints.cA;
+
+                       const CE_BasicConstraints *bcp = 
+                               &thisCertInfo->basicConstraints.extnData->basicConstraints;
+                       
+                       cA = bcp->cA;
+                       
+                       /* Verify pathLenConstraint if present */
+                       if(!isLeaf &&                                                   // leaf, certDex=0, don't care
+                          cA &&                                                                // p.l.c. only valid for CAs
+                          bcp->pathLenConstraintPresent) {             // present?
+                               /*
+                                * pathLenConstraint=0 legal for certDex 1 only
+                                * pathLenConstraint=1 legal for certDex {1,2}
+                                * etc. 
+                                */ 
+                               if(certDex > (bcp->pathLenConstraint + 1)) {
+                                       errorLog0("tp_policyVerify: pathLenConstraint exceeded\n");
+                                       policyFail = CSSM_TRUE;
+                                       thisTpCertInfo->addStatusCode(
+                                                       CSSMERR_APPLETP_PATH_LEN_CONSTRAINT);
+                               }
+                       }
                }
                
                if(isLeaf) {

diff --git a/SecureTransport/CVSVersionInfo.txt b/SecureTransport/CVSVersionInfo.txt
index e0a4f43db75fa6feb883343a0c5fce36f426b96c..db4371c9400e088fe99d126a3c693704b0ab2fb4 100644 (file)
--- a/SecureTransport/CVSVersionInfo.txt
+++ b/SecureTransport/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:58 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: SecureTransport
 ProjectVersion: 3

diff --git a/Security.pbproj/project.pbxproj b/Security.pbproj/project.pbxproj
index 1ea638058e12aceb41b19185cdc888563df20a12..8432c4dba8cd7cac1dbd6cb12edb51913d108555 100644 (file)
--- a/Security.pbproj/project.pbxproj
+++ b/Security.pbproj/project.pbxproj
@@ -121,7 +121,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\"";
                                HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\"";
                                LIBRARY_STYLE = STATIC;
@@ -388,7 +388,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                LIBRARY_STYLE = STATIC;
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DVDADER_RULES";
@@ -463,7 +463,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                LIBRARY_STYLE = STATIC;
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
@@ -520,7 +520,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                LIBRARY_STYLE = STATIC;
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DVDADER_RULES";
@@ -599,7 +599,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                LIBRARY_STYLE = STATIC;
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "-DVDADER_RULES";
@@ -7560,7 +7560,7 @@
                                01FA8900FFF2BC5611CD283A,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)";
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
@@ -7673,7 +7673,7 @@
                                01FA890AFFF2BCA811CD283A,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)";
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
@@ -8019,7 +8019,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                INSTALL_PATH = /usr/local/lib;
                                LIBRARY_STYLE = STATIC;
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
@@ -9330,9 +9330,9 @@
                                F5DDE3AE00B3358F01CD283A,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                FRAMEWORK_SEARCH_PATHS = "";
                                FRAMEWORK_VERSION = A;
                                HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(BUILT_PRODUCTS_DIR)/derived_src\"";
@@ -9379,11 +9379,11 @@
        <key>CFBundlePackageType</key>
        <string>FMWK</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.1</string>
+       <string>1.1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>53</string>
+       <string>54.1</string>
 </dict>
 </plist>
 ";
@@ -10479,7 +10479,7 @@
                        );
                        buildSettings = {
                                DYLIB_COMPATIBILITY_VERSION = 1;
-                               DYLIB_CURRENT_VERSION = 53;
+                               DYLIB_CURRENT_VERSION = 54.1;
                                HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/include\"";
                                INSTALL_PATH = /usr/local/lib;
                                LIBRARY_STYLE = STATIC;
@@ -12245,7 +12245,7 @@
                                325EAA2800D6B08805CD296C,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
@@ -12285,11 +12285,11 @@
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.1</string>
+       <string>1.1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>53</string>
+       <string>54.1</string>
 </dict>
 </plist>
 ";
@@ -12794,7 +12794,7 @@
                                3290382100D6BA5905CD296C,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
@@ -12835,11 +12835,11 @@
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.1</string>
+       <string>1.1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>53</string>
+       <string>54.1</string>
 </dict>
 </plist>
 ";
@@ -12899,7 +12899,7 @@
                                3290382700D6BA5905CD296C,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
@@ -12940,11 +12940,11 @@
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.1</string>
+       <string>1.1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>53</string>
+       <string>54.1</string>
 </dict>
 </plist>
 ";
@@ -12992,7 +12992,7 @@
                                3290382D00D6BA5905CD296C,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_CFLAGS = "";
@@ -13033,11 +13033,11 @@
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.1</string>
+       <string>1.1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>53</string>
+       <string>54.1</string>
 </dict>
 </plist>
 ";
@@ -13085,7 +13085,7 @@
                                3290383300D6BA5905CD296C,
                        );
                        buildSettings = {
-                               CURRENT_PROJECT_VERSION = 53;
+                               CURRENT_PROJECT_VERSION = 54.1;
                                LIBRARY_SEARCH_PATHS = "";
                                OPTIMIZATION_CFLAGS = "-Os -DNDEBUG";
                                OTHER_LDFLAGS = "-bundle -undefined error";
@@ -13124,11 +13124,11 @@
        <key>CFBundlePackageType</key>
        <string>BNDL</string>
        <key>CFBundleShortVersionString</key>
-       <string>1.1</string>
+       <string>1.1.1</string>
        <key>CFBundleSignature</key>
        <string>????</string>
        <key>CFBundleVersion</key>
-       <string>53</string>
+       <string>54.1</string>
 </dict>
 </plist>
 ";

diff --git a/SecurityASN1/CVSVersionInfo.txt b/SecurityASN1/CVSVersionInfo.txt
index f56cb45b2c55bf6912c64f685752345a2f6c4bd2..d9d566ddcfaab0c2824e716623136d974e84a3c1 100644 (file)
--- a/SecurityASN1/CVSVersionInfo.txt
+++ b/SecurityASN1/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:59 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: SecurityASN1
 ProjectVersion: 6

diff --git a/SecuritySNACCRuntime/CVSVersionInfo.txt b/SecuritySNACCRuntime/CVSVersionInfo.txt
index 56be069d0f532aa87066a2de5569d4a2a6bdff12..e75ce0a046f95e62ad7f5a5cda830b6f9570217c 100644 (file)
--- a/SecuritySNACCRuntime/CVSVersionInfo.txt
+++ b/SecuritySNACCRuntime/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: SecuritySNACCRuntime
 ProjectVersion: 6.1

diff --git a/SecurityServer/CVSVersionInfo.txt b/SecurityServer/CVSVersionInfo.txt
index 80294d1bf4bd782720b5e9c21bafc7164042bea1..3bcd28d53ed40f097b7366f7d3a236b2ff401884 100644 (file)
--- a/SecurityServer/CVSVersionInfo.txt
+++ b/SecurityServer/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:00 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: SecurityServer
 ProjectVersion: 17.1

diff --git a/cdsa/CVSVersionInfo.txt b/cdsa/CVSVersionInfo.txt
index dbee6b90c7303b3f2e4cc201d94d69d263485261..030e8ded6bbce269f9eb1907edb941cc7b748afd 100644 (file)
--- a/cdsa/CVSVersionInfo.txt
+++ b/cdsa/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $
-# $Name:  $
+# $Name: Security-54~1 $
 ProjectName: cdsa
 ProjectVersion: 21

diff --git a/cdsa/cdsa/cssmapple.h b/cdsa/cdsa/cssmapple.h
index b73bb1b3610b6ff7c2cb1683c6e50f429d7d34d2..785ac703b9a1f6e66f05078bdd243d1223fca914 100644 (file)
--- a/cdsa/cdsa/cssmapple.h
+++ b/cdsa/cdsa/cssmapple.h
@@ -266,6 +266,8 @@ enum
        CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE =    CSSM_TP_PRIVATE_ERROR + 7,
        /* Invalid Subject/Authority Key ID Linkage */
        CSSMERR_APPLETP_INVALID_ID_LINKAGE =                    CSSM_TP_PRIVATE_ERROR + 8,
+       /* PathLengthConstraint exceeded */
+       CSSMERR_APPLETP_PATH_LEN_CONSTRAINT =                   CSSM_TP_PRIVATE_ERROR + 9,
 };
 
 enum