mirror of
https://github.com/golang/go
synced 2024-09-29 14:14:29 -06:00
crypto/x509/internal/macos: handle unexpected null returns
SecCreatePolicySSL returns null when called from a binary that has a strange path. This seems to be a weirdo macos bug, but we should be properly handling those null returns anyway. Also add handling for SecTrustGetCertificateAtIndex. Fixes #54590 Change-Id: I251e74f3b0bf65890a80b094b3e88718e13fd3db Reviewed-on: https://go-review.googlesource.com/c/go/+/438135 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org>
This commit is contained in:
parent
6a9aaf1f02
commit
fa463cc96d
@ -109,14 +109,6 @@ func SecTrustSettingsCopyTrustSettings(cert CFRef, domain SecTrustSettingsDomain
|
||||
}
|
||||
func x509_SecTrustSettingsCopyTrustSettings_trampoline()
|
||||
|
||||
//go:cgo_import_dynamic x509_SecPolicyCopyProperties SecPolicyCopyProperties "/System/Library/Frameworks/Security.framework/Versions/A/Security"
|
||||
|
||||
func SecPolicyCopyProperties(policy CFRef) CFRef {
|
||||
ret := syscall(abi.FuncPCABI0(x509_SecPolicyCopyProperties_trampoline), uintptr(policy), 0, 0, 0, 0, 0)
|
||||
return CFRef(ret)
|
||||
}
|
||||
func x509_SecPolicyCopyProperties_trampoline()
|
||||
|
||||
//go:cgo_import_dynamic x509_SecTrustCreateWithCertificates SecTrustCreateWithCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security"
|
||||
|
||||
func SecTrustCreateWithCertificates(certs CFRef, policies CFRef) (CFRef, error) {
|
||||
@ -147,14 +139,17 @@ func x509_SecCertificateCreateWithData_trampoline()
|
||||
|
||||
//go:cgo_import_dynamic x509_SecPolicyCreateSSL SecPolicyCreateSSL "/System/Library/Frameworks/Security.framework/Versions/A/Security"
|
||||
|
||||
func SecPolicyCreateSSL(name string) CFRef {
|
||||
func SecPolicyCreateSSL(name string) (CFRef, error) {
|
||||
var hostname CFString
|
||||
if name != "" {
|
||||
hostname = StringToCFString(name)
|
||||
defer CFRelease(CFRef(hostname))
|
||||
}
|
||||
ret := syscall(abi.FuncPCABI0(x509_SecPolicyCreateSSL_trampoline), 1 /* true */, uintptr(hostname), 0, 0, 0, 0)
|
||||
return CFRef(ret)
|
||||
if ret == 0 {
|
||||
return 0, OSStatus{"SecPolicyCreateSSL", int32(ret)}
|
||||
}
|
||||
return CFRef(ret), nil
|
||||
}
|
||||
func x509_SecPolicyCreateSSL_trampoline()
|
||||
|
||||
@ -220,9 +215,12 @@ func x509_SecTrustGetCertificateCount_trampoline()
|
||||
|
||||
//go:cgo_import_dynamic x509_SecTrustGetCertificateAtIndex SecTrustGetCertificateAtIndex "/System/Library/Frameworks/Security.framework/Versions/A/Security"
|
||||
|
||||
func SecTrustGetCertificateAtIndex(trustObj CFRef, i int) CFRef {
|
||||
func SecTrustGetCertificateAtIndex(trustObj CFRef, i int) (CFRef, error) {
|
||||
ret := syscall(abi.FuncPCABI0(x509_SecTrustGetCertificateAtIndex_trampoline), uintptr(trustObj), uintptr(i), 0, 0, 0, 0)
|
||||
return CFRef(ret)
|
||||
if ret == 0 {
|
||||
return 0, OSStatus{"SecTrustGetCertificateAtIndex", int32(ret)}
|
||||
}
|
||||
return CFRef(ret), nil
|
||||
}
|
||||
func x509_SecTrustGetCertificateAtIndex_trampoline()
|
||||
|
||||
|
@ -13,8 +13,6 @@ TEXT ·x509_SecTrustSettingsCopyCertificates_trampoline(SB),NOSPLIT,$0-0
|
||||
JMP x509_SecTrustSettingsCopyCertificates(SB)
|
||||
TEXT ·x509_SecTrustSettingsCopyTrustSettings_trampoline(SB),NOSPLIT,$0-0
|
||||
JMP x509_SecTrustSettingsCopyTrustSettings(SB)
|
||||
TEXT ·x509_SecPolicyCopyProperties_trampoline(SB),NOSPLIT,$0-0
|
||||
JMP x509_SecPolicyCopyProperties(SB)
|
||||
TEXT ·x509_SecTrustCreateWithCertificates_trampoline(SB),NOSPLIT,$0-0
|
||||
JMP x509_SecTrustCreateWithCertificates(SB)
|
||||
TEXT ·x509_SecCertificateCreateWithData_trampoline(SB),NOSPLIT,$0-0
|
||||
|
@ -32,7 +32,10 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
|
||||
|
||||
policies := macOS.CFArrayCreateMutable()
|
||||
defer macOS.ReleaseCFArray(policies)
|
||||
sslPolicy := macOS.SecPolicyCreateSSL(opts.DNSName)
|
||||
sslPolicy, err := macOS.SecPolicyCreateSSL(opts.DNSName)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
macOS.CFArrayAppendValue(policies, sslPolicy)
|
||||
|
||||
trustObj, err := macOS.SecTrustCreateWithCertificates(certs, policies)
|
||||
@ -61,7 +64,10 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
|
||||
chain := [][]*Certificate{{}}
|
||||
numCerts := macOS.SecTrustGetCertificateCount(trustObj)
|
||||
for i := 0; i < numCerts; i++ {
|
||||
certRef := macOS.SecTrustGetCertificateAtIndex(trustObj, i)
|
||||
certRef, err := macOS.SecTrustGetCertificateAtIndex(trustObj, i)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cert, err := exportCertificate(certRef)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
Loading…
Reference in New Issue
Block a user