From 67c7378dcb8de24c86b7fedff90b4b496f2e474c Mon Sep 17 00:00:00 2001
From: Apple
Date: Wed, 14 Aug 2002 20:56:19 +0000
Subject: [PATCH] Security-54.1.tar.gz
---
 AppleCSP/CVSVersionInfo.txt | 2 +-
 AppleCSPDL/CVSVersionInfo.txt | 2 +-
 AppleDL/CVSVersionInfo.txt | 2 +-
 AppleX509CL/CVSVersionInfo.txt | 2 +-
 AppleX509TP/CVSVersionInfo.txt | 2 +-
 AppleX509TP/tpPolicies.cpp | 27 ++++++++++--
 SecureTransport/CVSVersionInfo.txt | 2 +-
 Security.pbproj/project.pbxproj | 56 ++++++++++++-------------
 SecurityASN1/CVSVersionInfo.txt | 2 +-
 SecuritySNACCRuntime/CVSVersionInfo.txt | 2 +-
 SecurityServer/CVSVersionInfo.txt | 2 +-
 cdsa/CVSVersionInfo.txt | 2 +-
 cdsa/cdsa/cssmapple.h | 2 +
 13 files changed, 64 insertions(+), 41 deletions(-)
diff --git a/AppleCSP/CVSVersionInfo.txt b/AppleCSP/CVSVersionInfo.txt
index e4d9558e..a64d2a38 100644
--- a/AppleCSP/CVSVersionInfo.txt
+++ b/AppleCSP/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:47 mb Exp $
-# $Name: $
+# $Name: Security-54~1 $
 ProjectName: AppleCSP
 ProjectVersion: 16
diff --git a/AppleCSPDL/CVSVersionInfo.txt b/AppleCSPDL/CVSVersionInfo.txt
index 2bc0c2db..f6d2ca57 100644
--- a/AppleCSPDL/CVSVersionInfo.txt
+++ b/AppleCSPDL/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:51 mb Exp $
-# $Name: $
+# $Name: Security-54~1 $
 ProjectName: AppleCSPDL
 ProjectVersion: 15
diff --git a/AppleDL/CVSVersionInfo.txt b/AppleDL/CVSVersionInfo.txt
index 60b80956..597b0ad9 100644
--- a/AppleDL/CVSVersionInfo.txt
+++ b/AppleDL/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $
-# $Name: $
+# $Name: Security-54~1 $
 ProjectName: AppleDL
 ProjectVersion: 13
diff --git a/AppleX509CL/CVSVersionInfo.txt b/AppleX509CL/CVSVersionInfo.txt
index 2f45cd47..de7bab22 100644
--- a/AppleX509CL/CVSVersionInfo.txt
+++ b/AppleX509CL/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:52 mb Exp $
-# $Name: $
+# $Name: Security-54~1 $
 ProjectName: AppleX509CL
 ProjectVersion: 3
diff --git a/AppleX509TP/CVSVersionInfo.txt b/AppleX509TP/CVSVersionInfo.txt
index 5d71b6ed..124d1150 100644
--- a/AppleX509TP/CVSVersionInfo.txt
+++ b/AppleX509TP/CVSVersionInfo.txt
@@ -1,5 +1,5 @@
 # Created and modified by checkpoint; do not edit
 # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $
-# $Name: $
+# $Name: Security-54~1 $
 ProjectName: AppleX509TP
 ProjectVersion: 3
diff --git a/AppleX509TP/tpPolicies.cpp b/AppleX509TP/tpPolicies.cpp
index 36d8e06f..80cf0862 100644
--- a/AppleX509TP/tpPolicies.cpp
+++ b/AppleX509TP/tpPolicies.cpp
@@ -765,9 +765,9 @@ CSSM_RETURN tp_policyVerify(
 case kTP_SSL:
 /*
 * not present, not leaf, not root, kTPx509Basic
- * ....OK; infer as true
+ * ....RFC2459 says this can not be a CA
 */
- cA = CSSM_TRUE;
+ cA = CSSM_FALSE;
 break;
 case kTPiSign:
 /* required for iSign in this position */
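Review bot: In the `@@ -765,9` hunk of tp_policyVerify, the new `cA = CSSM_FALSE;` under `case kTP_SSL:` only changes the value inferred for an intermediate certificate that carries no basicConstraints; the code that turns a non-CA intermediate into a policy failure is not in the hunk, so it should be confirmed that a non-leaf certificate with `cA == CSSM_FALSE` ends up setting `policyFail` and a status code further down. The comment still reads as a list of conditions ending in `kTPx509Basic`, which suggests the case is shared with a label above the hunk; I would state the rule outright, e.g. `/* intermediate without basicConstraints: must not be accepted as a CA (RFC 2459, basic constraints) */`. A regression test that verifies a chain whose intermediate lacks the extension and expects a failure would pin this behaviour. The switch and the function both start and end outside the hunk.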
@@ -793,7 +793,28 @@ CSSM_RETURN tp_policyVerify( thisTpCertInfo->addStatusCode(CSSMERR_TP_VERIFY_ACTION_FAILED); } #endif /* BASIC_CONSTRAINTS_MUST_BE_CRITICAL */ - cA = thisCertInfo->basicConstraints.extnData->basicConstraints.cA; + + const CE_BasicConstraints *bcp = + &thisCertInfo->basicConstraints.extnData->basicConstraints; + + cA = bcp->cA; + + /* Verify pathLenConstraint if present */ + if(!isLeaf && // leaf, certDex=0, don't care + cA && // p.l.c. only valid for CAs + bcp->pathLenConstraintPresent) { // present? + /* + * pathLenConstraint=0 legal for certDex 1 only + * pathLenConstraint=1 legal for certDex {1,2} + * etc. + */ + if(certDex > (bcp->pathLenConstraint + 1)) { + errorLog0("tp_policyVerify: pathLenConstraint exceeded\n"); + policyFail = CSSM_TRUE; + thisTpCertInfo->addStatusCode( + CSSMERR_APPLETP_PATH_LEN_CONSTRAINT); + } + } } if(isLeaf) { diff --git a/SecureTransport/CVSVersionInfo.txt b/SecureTransport/CVSVersionInfo.txt index e0a4f43d..db4371c9 100644 --- a/SecureTransport/CVSVersionInfo.txt +++ b/SecureTransport/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:58 mb Exp $ -# $Name: $ +# $Name: Security-54~1 $ ProjectName: SecureTransport ProjectVersion: 3 diff --git a/Security.pbproj/project.pbxproj b/Security.pbproj/project.pbxproj index 1ea63805..8432c4db 100644 --- a/Security.pbproj/project.pbxproj +++ b/Security.pbproj/project.pbxproj @@ -121,7 +121,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks\""; HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/BSafe.framework/Headers\" \"$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks/BSafe.framework/Headers\" \"$(SRCROOT)/AppleCSP\" \"$(SRCROOT)/AppleCSP/open_ssl\""; LIBRARY_STYLE = STATIC; 
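Review bot: In the `@@ -793,7` hunk of AppleX509TP/tpPolicies.cpp, the bound `certDex > (bcp->pathLenConstraint + 1)` adds 1 to a value decoded from the certificate; if `pathLenConstraint` is an unsigned 32-bit field (its declaration is not visible here) the maximum value wraps to 0 and every non-leaf position is rejected, and if the two operands differ in signedness the comparison converts implicitly. Since `!isLeaf` already implies `certDex >= 1` according to the comment on that line, `if((certDex - 1) > bcp->pathLenConstraint) {` expresses the same limit without the addition. The check counts every certificate below this one, self-issued ones included, which matches the RFC 2459 wording; a one-line comment saying so would make a later move to the RFC 3280 rule (non-self-issued intermediates only) a deliberate change. The enclosing function starts and ends outside the hunk.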
@@ -388,7 +388,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; LIBRARY_STYLE = STATIC; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DVDADER_RULES"; @@ -463,7 +463,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; LIBRARY_STYLE = STATIC; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; @@ -520,7 +520,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; LIBRARY_STYLE = STATIC; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DVDADER_RULES"; @@ -599,7 +599,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; LIBRARY_STYLE = STATIC; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = "-DVDADER_RULES"; @@ -7560,7 +7560,7 @@ 01FA8900FFF2BC5611CD283A, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; @@ -7673,7 +7673,7 @@ 01FA890AFFF2BCA811CD283A, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; INSTALL_PATH = "$(SYSTEM_CORE_SERVICES_DIR)"; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; @@ -8019,7 +8019,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; INSTALL_PATH = /usr/local/lib; LIBRARY_STYLE = STATIC; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; @@ -9330,9 +9330,9 @@ F5DDE3AE00B3358F01CD283A, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; FRAMEWORK_SEARCH_PATHS = ""; FRAMEWORK_VERSION = A; HEADER_SEARCH_PATHS = "\"$(SRCROOT)\" \"$(BUILT_PRODUCTS_DIR)/derived_src\""; 
@@ -9379,11 +9379,11 @@ CFBundlePackageType FMWK CFBundleShortVersionString - 1.1 + 1.1.1 CFBundleSignature ???? CFBundleVersion - 53 + 54.1 "; @@ -10479,7 +10479,7 @@ ); buildSettings = { DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 53; + DYLIB_CURRENT_VERSION = 54.1; HEADER_SEARCH_PATHS = "\"$(BUILT_PRODUCTS_DIR)/include\""; INSTALL_PATH = /usr/local/lib; LIBRARY_STYLE = STATIC; @@ -12245,7 +12245,7 @@ 325EAA2800D6B08805CD296C, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; @@ -12285,11 +12285,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - 1.1 + 1.1.1 CFBundleSignature ???? CFBundleVersion - 53 + 54.1 "; @@ -12794,7 +12794,7 @@ 3290382100D6BA5905CD296C, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; @@ -12835,11 +12835,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - 1.1 + 1.1.1 CFBundleSignature ???? CFBundleVersion - 53 + 54.1 "; @@ -12899,7 +12899,7 @@ 3290382700D6BA5905CD296C, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; @@ -12940,11 +12940,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - 1.1 + 1.1.1 CFBundleSignature ???? CFBundleVersion - 53 + 54.1 "; @@ -12992,7 +12992,7 @@ 3290382D00D6BA5905CD296C, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_CFLAGS = ""; @@ -13033,11 +13033,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - 1.1 + 1.1.1 CFBundleSignature ???? CFBundleVersion - 53 + 54.1 "; 
@@ -13085,7 +13085,7 @@ 3290383300D6BA5905CD296C, ); buildSettings = { - CURRENT_PROJECT_VERSION = 53; + CURRENT_PROJECT_VERSION = 54.1; LIBRARY_SEARCH_PATHS = ""; OPTIMIZATION_CFLAGS = "-Os -DNDEBUG"; OTHER_LDFLAGS = "-bundle -undefined error"; @@ -13124,11 +13124,11 @@ CFBundlePackageType BNDL CFBundleShortVersionString - 1.1 + 1.1.1 CFBundleSignature ???? CFBundleVersion - 53 + 54.1 "; diff --git a/SecurityASN1/CVSVersionInfo.txt b/SecurityASN1/CVSVersionInfo.txt index f56cb45b..d9d566dd 100644 --- a/SecurityASN1/CVSVersionInfo.txt +++ b/SecurityASN1/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:59 mb Exp $ -# $Name: $ +# $Name: Security-54~1 $ ProjectName: SecurityASN1 ProjectVersion: 6 diff --git a/SecuritySNACCRuntime/CVSVersionInfo.txt b/SecuritySNACCRuntime/CVSVersionInfo.txt index 56be069d..e75ce0a0 100644 --- a/SecuritySNACCRuntime/CVSVersionInfo.txt +++ b/SecuritySNACCRuntime/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:04 mb Exp $ -# $Name: $ +# $Name: Security-54~1 $ ProjectName: SecuritySNACCRuntime ProjectVersion: 6.1 diff --git a/SecurityServer/CVSVersionInfo.txt b/SecurityServer/CVSVersionInfo.txt index 80294d1b..3bcd28d5 100644 --- a/SecurityServer/CVSVersionInfo.txt +++ b/SecurityServer/CVSVersionInfo.txt @@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:14:00 mb Exp $ -# $Name: $ +# $Name: Security-54~1 $ ProjectName: SecurityServer ProjectVersion: 17.1 diff --git a/cdsa/CVSVersionInfo.txt b/cdsa/CVSVersionInfo.txt index dbee6b90..030e8ded 100644 --- a/cdsa/CVSVersionInfo.txt +++ b/cdsa/CVSVersionInfo.txt 
@@ -1,5 +1,5 @@ # Created and modified by checkpoint; do not edit # $Id: CVSVersionInfo.txt,v 1.1.1.1 2001/05/18 23:13:53 mb Exp $ -# $Name: $ +# $Name: Security-54~1 $ ProjectName: cdsa ProjectVersion: 21 diff --git a/cdsa/cdsa/cssmapple.h b/cdsa/cdsa/cssmapple.h index b73bb1b3..785ac703 100644 --- a/cdsa/cdsa/cssmapple.h +++ b/cdsa/cdsa/cssmapple.h @@ -266,6 +266,8 @@ enum CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 7, /* Invalid Subject/Authority Key ID Linkage */ CSSMERR_APPLETP_INVALID_ID_LINKAGE = CSSM_TP_PRIVATE_ERROR + 8, + /* PathLengthConstraint exceeded */ + CSSMERR_APPLETP_PATH_LEN_CONSTRAINT = CSSM_TP_PRIVATE_ERROR + 9, }; enum -- 2.47.2