Changeset 74692 in vbox for trunk/src/VBox/Runtime

Timestamp:

Oct 8, 2018 6:48:31 PM (7 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

125610

Message:

IPRT/RTSignTool: Some adjustments for apple signatures. bugref:9232

Location:

trunk/src/VBox/Runtime

Files:

• common/asn1/oiddb.cfg (modified) (2 diffs)
• tools/RTSignTool.cpp (modified) (5 diffs)

trunk/src/VBox/Runtime/common/asn1/oiddb.cfg

@@ -83 +83 @@
 1.2.840.113549.1.9.16.2         = pkcs9-SMime-id-aa
 1.2.840.113549.1.9.16.2.12      = pkcs9-id-aa-SigningCertificate
+1.2.840.113549.1.9.16.2.14      = pkcs9-id-aa-Attributes
 1.2.840.113549.1.9.25           = pkcs9-SMime-at
 1.2.840.113549.1.9.25.1         = pkcs9-at-Pkcs15Token
@@ -89 +90 @@
 1.2.840.113549.1.9.25.4         = pkcs9-at-SequenceNumber
 1.2.840.113549.1.9.25.5         = pkcs9-at-Pkcs7PDU
+1.2.840.113635.100.6.1.13       = apple-cs-ext-DevId-Application
+1.2.840.113635.100.6.1.14       = apple-cs-ext-DevId-Installer
+1.2.840.113635.100.6.1.18       = apple-cs-ext-DevId-KernelExt
+1.2.840.113635.100.5.1          = apple-cert-policy
+1.2.840.113635.100.4.13         = apple-eku-packageSign
+#1.2.840.113635.100.9.1         = apple-???
 1.3.6                           = dod
 1.3.6.1                         = dod-Internet

trunk/src/VBox/Runtime/tools/RTSignTool.cpp

@@ -86 +86 @@
     /** Pointer to the decoded SignedData inside the ContentInfo member. */
     PRTCRPKCS7SIGNEDDATA        pSignedData;
-    /** Pointer to the indirect data content. */
-    PRTCRSPCINDIRECTDATACONTENT pIndData;
 
     /** Newly encoded raw signature.
@@ -143 +141 @@
 {
     RTCrPkcs7ContentInfo_Delete(&pThis->ContentInfo);
-    pThis->pIndData    = NULL;
     pThis->pSignedData = NULL;
-    pThis->pIndData    = NULL;
     RTMemFree(pThis->pbBuf);
     pThis->pbBuf       = NULL;
@@ -199 +195 @@
             if (!strcmp(pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCRSPCINDIRECTDATACONTENT_OID))
             {
-                pThis->pIndData = pThis->pSignedData->ContentInfo.u.pIndirectDataContent;
-                Assert(pThis->pIndData);
+                PRTCRSPCINDIRECTDATACONTENT pIndData = pThis->pSignedData->ContentInfo.u.pIndirectDataContent;
+                Assert(pIndData);
 
                 /*
@@ -212 +208 @@
                 if (RT_SUCCESS(rc))
                 {
-                    rc = RTCrSpcIndirectDataContent_CheckSanityEx(pThis->pIndData,
+                    rc = RTCrSpcIndirectDataContent_CheckSanityEx(pIndData,
                                                                   pThis->pSignedData,
                                                                   RTCRSPCINDIRECTDATACONTENT_SANITY_F_ONLY_KNOWN_HASH,
@@ -223 +219 @@
                     RTMsgError("PKCS#7 sanity check failed for '%s': %Rrc - %s\n", pThis->pszFilename, rc, ErrInfo.szMsg);
             }
+            else if (!strcmp(pThis->pSignedData->ContentInfo.ContentType.szObjId, RTCR_PKCS7_DATA_OID))
+            { /* apple code signing */ }
             else if (!fCatalog)
                 RTMsgError("Unexpected the signed content in '%s': %s (expected %s)", pThis->pszFilename,