diff options
author | Roland Shoemaker <roland@golang.org> | 2021-11-16 12:33:03 -0800 |
---|---|---|
committer | Roland Shoemaker <roland@golang.org> | 2021-11-19 21:57:03 +0000 |
commit | 6027b2183d9a63a11f92d392fd2296e7b88402fc (patch) | |
tree | 1d4a40fe9cb9b9b69341459d8d462d34fbca49ca /src/crypto | |
parent | ba9f0f6665273ab5202d829ae4aa0c5fa2cebb32 (diff) | |
download | go-6027b2183d9a63a11f92d392fd2296e7b88402fc.tar.gz go-6027b2183d9a63a11f92d392fd2296e7b88402fc.zip |
crypto/x509/internal/macos: use APIs available on ios
Use SecCertificateCopyData instead of SecItemExport, which is only
available on macOS.
Updates #49616
Change-Id: Ieda33894930d23c6dab6112ee18120f8a440083b
Reviewed-on: https://go-review.googlesource.com/c/go/+/364554
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/x509/internal/macos/security.go | 27 | ||||
-rw-r--r-- | src/crypto/x509/internal/macos/security.s | 4 | ||||
-rw-r--r-- | src/crypto/x509/root_darwin.go | 7 |
3 files changed, 17 insertions, 21 deletions
diff --git a/src/crypto/x509/internal/macos/security.go b/src/crypto/x509/internal/macos/security.go index 661844a805..ef64bda49f 100644 --- a/src/crypto/x509/internal/macos/security.go +++ b/src/crypto/x509/internal/macos/security.go @@ -92,20 +92,6 @@ func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray } func x509_SecTrustSettingsCopyCertificates_trampoline() -const kSecFormatX509Cert int32 = 9 - -//go:cgo_import_dynamic x509_SecItemExport SecItemExport "/System/Library/Frameworks/Security.framework/Versions/A/Security" - -func SecItemExport(cert CFRef) (data CFRef, err error) { - ret := syscall(abi.FuncPCABI0(x509_SecItemExport_trampoline), uintptr(cert), uintptr(kSecFormatX509Cert), - 0 /* flags */, 0 /* keyParams */, uintptr(unsafe.Pointer(&data)), 0) - if ret != 0 { - return 0, OSStatus{"SecItemExport", int32(ret)} - } - return data, nil -} -func x509_SecItemExport_trampoline() - const errSecItemNotFound = -25300 //go:cgo_import_dynamic x509_SecTrustSettingsCopyTrustSettings SecTrustSettingsCopyTrustSettings "/System/Library/Frameworks/Security.framework/Versions/A/Security" @@ -233,3 +219,16 @@ func SecTrustGetCertificateAtIndex(trustObj CFRef, i int) CFRef { return CFRef(ret) } func x509_SecTrustGetCertificateAtIndex_trampoline() + +//go:cgo_import_dynamic x509_SecCertificateCopyData SecCertificateCopyData "/System/Library/Frameworks/Security.framework/Versions/A/Security" + +func SecCertificateCopyData(cert CFRef) ([]byte, error) { + ret := syscall(abi.FuncPCABI0(x509_SecCertificateCopyData_trampoline), uintptr(cert), 0, 0, 0, 0, 0) + if ret == 0 { + return nil, errors.New("x509: invalid certificate object") + } + b := CFDataToSlice(CFRef(ret)) + CFRelease(CFRef(ret)) + return b, nil +} +func x509_SecCertificateCopyData_trampoline() diff --git a/src/crypto/x509/internal/macos/security.s b/src/crypto/x509/internal/macos/security.s index cdef63f9f9..36f814f3cd 100644 --- a/src/crypto/x509/internal/macos/security.s +++ b/src/crypto/x509/internal/macos/security.s @@ -11,8 +11,6 @@ TEXT ·x509_SecTrustSettingsCopyCertificates_trampoline(SB),NOSPLIT,$0-0 JMP x509_SecTrustSettingsCopyCertificates(SB) -TEXT ·x509_SecItemExport_trampoline(SB),NOSPLIT,$0-0 - JMP x509_SecItemExport(SB) TEXT ·x509_SecTrustSettingsCopyTrustSettings_trampoline(SB),NOSPLIT,$0-0 JMP x509_SecTrustSettingsCopyTrustSettings(SB) TEXT ·x509_SecPolicyCopyProperties_trampoline(SB),NOSPLIT,$0-0 @@ -35,3 +33,5 @@ TEXT ·x509_SecTrustGetCertificateCount_trampoline(SB),NOSPLIT,$0-0 JMP x509_SecTrustGetCertificateCount(SB) TEXT ·x509_SecTrustGetCertificateAtIndex_trampoline(SB),NOSPLIT,$0-0 JMP x509_SecTrustGetCertificateAtIndex(SB) +TEXT ·x509_SecCertificateCopyData_trampoline(SB),NOSPLIT,$0-0 + JMP x509_SecCertificateCopyData(SB) diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go index a7ff1e78bb..1ef9c0f71e 100644 --- a/src/crypto/x509/root_darwin.go +++ b/src/crypto/x509/root_darwin.go @@ -96,14 +96,11 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate // exportCertificate returns a *Certificate for a SecCertificateRef. func exportCertificate(cert macOS.CFRef) (*Certificate, error) { - data, err := macOS.SecItemExport(cert) + data, err := macOS.SecCertificateCopyData(cert) if err != nil { return nil, err } - defer macOS.CFRelease(data) - der := macOS.CFDataToSlice(data) - - return ParseCertificate(der) + return ParseCertificate(data) } func loadSystemRoots() (*CertPool, error) { |