[#232] Remove non-secure NSKeyedArchiver code
nabla-c0d3 committed Sep 13, 2020
1 parent 26c7010 commit f996095
Showing 2 changed files with 44 additions and 40 deletions.
60 changes: 36 additions & 24 deletions TrustKit.xcodeproj/project.pbxproj
@@ -1527,13 +1527,18 @@
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
HEADER_SEARCH_PATHS = "$(SRCROOT)/**";
IPHONEOS_DEPLOYMENT_TARGET = 11.0;
MACOSX_DEPLOYMENT_TARGET = 10.13;
MTL_ENABLE_DEBUG_INFO = YES;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = macosx;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos macosx";
TARGETED_DEVICE_FAMILY = "1,2";
TVOS_DEPLOYMENT_TARGET = 11.0;
VALID_ARCHS = "$(ARCHS_STANDARD)";
VERSIONING_SYSTEM = "apple-generic";
VERSION_INFO_PREFIX = "";
WATCHOS_DEPLOYMENT_TARGET = 4.0;
};
name = Debug;
};
@@ -1590,13 +1595,18 @@
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
HEADER_SEARCH_PATHS = "$(SRCROOT)/**";
IPHONEOS_DEPLOYMENT_TARGET = 11.0;
MACOSX_DEPLOYMENT_TARGET = 10.13;
MTL_ENABLE_DEBUG_INFO = NO;
SDKROOT = macosx;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos macosx";
TARGETED_DEVICE_FAMILY = "1,2";
TVOS_DEPLOYMENT_TARGET = 11.0;
VALIDATE_PRODUCT = YES;
VALID_ARCHS = "$(ARCHS_STANDARD)";
VERSIONING_SYSTEM = "apple-generic";
VERSION_INFO_PREFIX = "";
WATCHOS_DEPLOYMENT_TARGET = 4.0;
};
name = Release;
};
@@ -1617,7 +1627,7 @@
GENERATE_PKGINFO_FILE = YES;
INFOPLIST_FILE = "$(SRCROOT)/TrustKit/Framework/Info.plist";
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
ONLY_ACTIVE_ARCH = NO;
@@ -1627,7 +1637,7 @@
SDKROOT = iphoneos;
SKIP_INSTALL = YES;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
VALID_ARCHS = "$(ARCHS_STANDARD)";
VALID_ARCHS = "arm64 arm64e";
};
name = Debug;
};
@@ -1648,7 +1658,7 @@
GENERATE_PKGINFO_FILE = YES;
INFOPLIST_FILE = "$(SRCROOT)/TrustKit/Framework/Info.plist";
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
PRODUCT_BUNDLE_IDENTIFIER = "com.datatheorem.$(PRODUCT_NAME:rfc1034identifier)";
@@ -1657,7 +1667,7 @@
SDKROOT = iphoneos;
SKIP_INSTALL = YES;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
VALID_ARCHS = "$(ARCHS_STANDARD)";
VALID_ARCHS = "arm64 arm64e";
};
name = Release;
};
@@ -1679,14 +1689,14 @@
);
GCC_TREAT_WARNINGS_AS_ERRORS = YES;
INFOPLIST_FILE = TrustKitTests/Info.plist;
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks @loader_path/../Frameworks @executable_path/../Frameworks";
ONLY_ACTIVE_ARCH = NO;
PRODUCT_BUNDLE_IDENTIFIER = "com.datatheorem.$(PRODUCT_NAME:rfc1034identifier)";
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = iphoneos;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
VALID_ARCHS = "$(ARCHS_STANDARD)";
VALID_ARCHS = "arm64 arm64e";
};
name = Debug;
};
@@ -1704,14 +1714,14 @@
);
GCC_TREAT_WARNINGS_AS_ERRORS = YES;
INFOPLIST_FILE = TrustKitTests/Info.plist;
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks @loader_path/../Frameworks @executable_path/../Frameworks";
ONLY_ACTIVE_ARCH = NO;
PRODUCT_BUNDLE_IDENTIFIER = "com.datatheorem.$(PRODUCT_NAME:rfc1034identifier)";
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = iphoneos;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
VALID_ARCHS = "$(ARCHS_STANDARD)";
VALID_ARCHS = "arm64 arm64e";
};
name = Release;
};
@@ -1731,7 +1741,7 @@
GCC_GENERATE_TEST_COVERAGE_FILES = YES;
INFOPLIST_FILE = "$(SRCROOT)/TrustKit/Framework/Info.plist";
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
ONLY_ACTIVE_ARCH = NO;
@@ -1742,7 +1752,7 @@
SKIP_INSTALL = YES;
SUPPORTED_PLATFORMS = "appletvsimulator appletvos";
TARGETED_DEVICE_FAMILY = 3;
TVOS_DEPLOYMENT_TARGET = 10.0;
TVOS_DEPLOYMENT_TARGET = "$(inherited) ";
VALID_ARCHS = "$(ARCHS_STANDARD)";
};
name = Debug;
@@ -1763,7 +1773,7 @@
GCC_GENERATE_TEST_COVERAGE_FILES = YES;
INFOPLIST_FILE = "$(SRCROOT)/TrustKit/Framework/Info.plist";
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
PRODUCT_BUNDLE_IDENTIFIER = com.datatheorem.TrustKit;
@@ -1773,7 +1783,7 @@
SKIP_INSTALL = YES;
SUPPORTED_PLATFORMS = "appletvsimulator appletvos";
TARGETED_DEVICE_FAMILY = 3;
TVOS_DEPLOYMENT_TARGET = 10.0;
TVOS_DEPLOYMENT_TARGET = "$(inherited) ";
VALID_ARCHS = "$(ARCHS_STANDARD)";
};
name = Release;
@@ -1803,7 +1813,7 @@
SDKROOT = appletvos;
SUPPORTED_PLATFORMS = "appletvsimulator appletvos";
TARGETED_DEVICE_FAMILY = 3;
TVOS_DEPLOYMENT_TARGET = 10.0;
TVOS_DEPLOYMENT_TARGET = "$(inherited) ";
VALID_ARCHS = "$(ARCHS_STANDARD)";
};
name = Debug;
@@ -1829,7 +1839,7 @@
SDKROOT = appletvos;
SUPPORTED_PLATFORMS = "appletvsimulator appletvos";
TARGETED_DEVICE_FAMILY = 3;
TVOS_DEPLOYMENT_TARGET = 10.0;
TVOS_DEPLOYMENT_TARGET = "$(inherited) ";
VALID_ARCHS = "$(ARCHS_STANDARD)";
};
name = Release;
@@ -1847,14 +1857,15 @@
"DEBUG=1",
"$(inherited)",
);
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LIBRARY_SEARCH_PATHS = "$(inherited)";
ONLY_ACTIVE_ARCH = NO;
OTHER_LDFLAGS = "-ObjC";
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = iphoneos;
SKIP_INSTALL = YES;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
VALID_ARCHS = "arm64 arm64e";
};
name = Debug;
};
@@ -1868,13 +1879,14 @@
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
ENABLE_BITCODE = "$(inherited)";
GCC_NO_COMMON_BLOCKS = YES;
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LIBRARY_SEARCH_PATHS = "$(inherited)";
OTHER_LDFLAGS = "-ObjC";
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = iphoneos;
SKIP_INSTALL = YES;
SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
VALID_ARCHS = "arm64 arm64e";
};
name = Release;
};
@@ -1897,7 +1909,7 @@
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
MACOSX_DEPLOYMENT_TARGET = 10.12;
MACOSX_DEPLOYMENT_TARGET = "$(inherited) ";
ONLY_ACTIVE_ARCH = NO;
PRODUCT_BUNDLE_IDENTIFIER = com.datatheorem.TrustKit;
PRODUCT_NAME = TrustKit;
@@ -1926,7 +1938,7 @@
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
MACOSX_DEPLOYMENT_TARGET = 10.12;
MACOSX_DEPLOYMENT_TARGET = "$(inherited) ";
ONLY_ACTIVE_ARCH = NO;
PRODUCT_BUNDLE_IDENTIFIER = com.datatheorem.TrustKit;
PRODUCT_NAME = TrustKit;
@@ -1950,7 +1962,7 @@
GCC_NO_COMMON_BLOCKS = YES;
INFOPLIST_FILE = TrustKitTests/Info.plist;
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/../Frameworks";
MACOSX_DEPLOYMENT_TARGET = 10.12;
MACOSX_DEPLOYMENT_TARGET = "$(inherited) ";
ONLY_ACTIVE_ARCH = NO;
PRODUCT_BUNDLE_IDENTIFIER = "com.datatheorem.TrustKit-OS-XTests";
PRODUCT_NAME = "$(TARGET_NAME)";
@@ -1974,7 +1986,7 @@
GCC_NO_COMMON_BLOCKS = YES;
INFOPLIST_FILE = TrustKitTests/Info.plist;
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/../Frameworks";
MACOSX_DEPLOYMENT_TARGET = 10.12;
MACOSX_DEPLOYMENT_TARGET = "$(inherited) ";
ONLY_ACTIVE_ARCH = NO;
PRODUCT_BUNDLE_IDENTIFIER = "com.datatheorem.TrustKit-OS-XTests";
PRODUCT_NAME = "$(TARGET_NAME)";
@@ -1999,7 +2011,7 @@
GCC_GENERATE_TEST_COVERAGE_FILES = YES;
INFOPLIST_FILE = "$(SRCROOT)/TrustKit/Framework/Info.plist";
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
ONLY_ACTIVE_ARCH = NO;
@@ -2011,7 +2023,7 @@
SUPPORTED_PLATFORMS = "watchsimulator watchos";
TARGETED_DEVICE_FAMILY = 4;
VALID_ARCHS = "$(ARCHS_STANDARD)";
WATCHOS_DEPLOYMENT_TARGET = 3.0;
WATCHOS_DEPLOYMENT_TARGET = "$(inherited) ";
};
name = Debug;
};
@@ -2031,7 +2043,7 @@
GCC_GENERATE_TEST_COVERAGE_FILES = YES;
INFOPLIST_FILE = "$(SRCROOT)/TrustKit/Framework/Info.plist";
INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
IPHONEOS_DEPLOYMENT_TARGET = 10.0;
IPHONEOS_DEPLOYMENT_TARGET = "$(inherited) ";
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";
LIBRARY_SEARCH_PATHS = "$(inherited)";
PRODUCT_BUNDLE_IDENTIFIER = "com.datatheorem.$(PRODUCT_NAME:rfc1034identifier)";
@@ -2042,7 +2054,7 @@
SUPPORTED_PLATFORMS = "watchsimulator watchos";
TARGETED_DEVICE_FAMILY = 4;
VALID_ARCHS = "$(ARCHS_STANDARD)";
WATCHOS_DEPLOYMENT_TARGET = 3.0;
WATCHOS_DEPLOYMENT_TARGET = "$(inherited) ";
};
name = Release;
};
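Review bot: The iOS framework, static-library and TrustKitTests configurations now set `VALID_ARCHS = "arm64 arm64e";` while still listing `iphonesimulator` in `SUPPORTED_PLATFORMS`, which presumably leaves no valid slice for an x86_64 simulator build and looks unrelated to the NSKeyedArchiver change; keeping `VALID_ARCHS = "$(ARCHS_STANDARD)";` would avoid that. The per-target deployment targets are written as `"$(inherited) "` with a trailing space inside the quotes, which is worth normalising to `"$(inherited)"` (or deleting the override) so the value resolves cleanly to the new project-level floor. That floor (iOS 11.0, tvOS 11.0, watchOS 4.0, macOS 10.13) is what makes the unconditional secure-coding calls in TSKSPKIHashCache.m valid, so any other build manifest that declares platform minimums (none is visible on this page) needs the same values.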
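--- a/TrustKit/Pinning/TSKSPKIHashCache.m
+++ b/TrustKit/Pinning/TSKSPKIHashCache.m
@@ -221,14 +221,9 @@ - (NSData *)hashSubjectPublicKeyInfoFromCertificate:(SecCertificateRef)certifica
 });
 
 // Update the cache on the filesystem
-if (self.spkiCacheFilename.length > 0) {
-NSData *serializedSpkiCache = nil;
-if (@available(iOS 11.0, tvOS 11.0, watchOS 4.0, macOS 10.13, *)) { // prefer NSSecureCoding API when available
-serializedSpkiCache = [NSKeyedArchiver archivedDataWithRootObject:_spkiCache requiringSecureCoding:YES error:nil];
-} else {
-serializedSpkiCache = [NSKeyedArchiver archivedDataWithRootObject:_spkiCache];
-}
-
+if (self.spkiCacheFilename.length > 0)
+{
+NSData *serializedSpkiCache = [NSKeyedArchiver archivedDataWithRootObject:_spkiCache requiringSecureCoding:YES error:nil];
 if ([serializedSpkiCache writeToURL:[self SPKICachePath] atomically:YES] == NO)
 {
 NSAssert(false, @"Failed to write cache");
@@ -244,14 +239,11 @@ - (SPKICacheDictionnary *)loadSPKICacheFromFileSystem
 NSMutableDictionary *spkiCache = nil;
 NSData *serializedSpkiCache = [NSData dataWithContentsOfURL:[self SPKICachePath]];
 if (serializedSpkiCache) {
-if (@available(iOS 11.0, tvOS 11.0, watchOS 4.0, macOS 10.13, *)) { // prefer NSSecureCoding API when available
-NSError *decodingError = nil;
-spkiCache = [NSKeyedUnarchiver unarchivedObjectOfClasses:[NSSet setWithArray:@[[SPKICacheDictionnary class], [NSData class]]] fromData:serializedSpkiCache error:&decodingError];
-if (decodingError) {
-TSKLog(@"Could not retrieve SPKI cache from the filesystem: %@", decodingError);
-}
-} else {
-spkiCache = [NSKeyedUnarchiver unarchiveObjectWithData:serializedSpkiCache];
+NSError *decodingError = nil;
+spkiCache = [NSKeyedUnarchiver unarchivedObjectOfClasses:[NSSet setWithArray:@[[SPKICacheDictionnary class], [NSData class]]] fromData:serializedSpkiCache error:&decodingError];
+if (decodingError)
+{
+TSKLog(@"Could not retrieve SPKI cache from the filesystem: %@", decodingError);
 }
 }
 return spkiCache;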
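Review bot: The archive call kept in the first hunk still passes `error:nil`, so if secure archiving fails `serializedSpkiCache` is nil, the write returns NO, and the only signal is `NSAssert(false, @"Failed to write cache")`, which is typically compiled out of release builds. Now that this is the only serialization path, pass `error:&archiveError` and report a nil result through `TSKLog`, matching what the load path does with `decodingError`. In the second hunk the failure test is `if (decodingError)`; the Cocoa convention is to test the result instead, `if (spkiCache == nil)`, because the error pointer is only defined to be meaningful when the call fails. Both methods begin and end outside the hunks shown.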
