remove Nick Chan's copyright string (#6)

[ldid.git] / ldid.cpp

diff --git a/ldid.cpp b/ldid.cpp
index c65cb96b6887da614af75dab7025e7f15cbf2b01..6d9505749e6c75d6a91850f45b597fcc72c76b96 100644 (file)
--- a/ldid.cpp
+++ b/ldid.cpp
@@ -43,10 +43,15 @@
 #include <sys/types.h>
 
 #ifndef LDID_NOSMIME
+#include <openssl/opensslv.h>
+# if OPENSSL_VERSION_NUMBER >= 0x30000000
+#  include <openssl/provider.h>
+# endif
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pkcs12.h>
+#include <openssl/ui.h>
 #endif
 
 #ifdef __APPLE__
@@ -141,6 +146,10 @@
 #define _packed \
     __attribute__((packed))
 
+#ifndef LDID_NOSMIME
+std::string password;
+#endif
+
 template <typename Type_>
 struct Iterator_ {
     typedef typename Type_::const_iterator Result;
@@ -1242,10 +1251,10 @@ static const std::vector<Algorithm *> &GetAlgorithms() {
 
     static std::vector<Algorithm *> algorithms;
     if (algorithms.empty()) {
-        if (do_sha1)
-            algorithms.push_back(&sha1);
         if (do_sha256)
             algorithms.push_back(&sha256);
+        if (do_sha1)
+            algorithms.push_back(&sha1);
     }
 
     return algorithms;
@@ -1786,8 +1795,14 @@ class Stuff {
         ca_(NULL)
     {
         _assert(value_ != NULL);
-        _assert(PKCS12_parse(value_, "", &key_, &cert_, &ca_) != 0);
 
+        if (!PKCS12_verify_mac(value_, "", 0) && password.empty()) {
+            char passbuf[2048];
+            UI_UTIL_read_pw_string(passbuf, 2048, "Enter password: ", 0);
+            password = passbuf;
+        }
+
+        _assert(PKCS12_parse(value_, password.c_str(), &key_, &cert_, &ca_) != 0);
         _assert(key_ != NULL);
         _assert(cert_ != NULL);
 
@@ -3090,16 +3105,29 @@ std::string Hex(const uint8_t *data, size_t size) {
 }
 
 static void usage(const char *argv0) {
-    fprintf(stderr, "usage: %s -S[entitlements.xml] <binary>\n", argv0);
-    fprintf(stderr, "   %s -e MobileSafari\n", argv0);
-    fprintf(stderr, "   %s -S cat\n", argv0);
-    fprintf(stderr, "   %s -Stfp.xml gdb\n", argv0);
+    fprintf(stderr, "Link Identity Editor %s\n\n", LDID_VERSION);
+    fprintf(stderr, "usage: %s [-Acputype:subtype] [-a]\n", argv0);
+    fprintf(stderr, "          [-C[adhoc | enforcement | expires | hard |\n");
+    fprintf(stderr, "          host | kill | library-validation | restrict | runtime]] [-D] [-d]\n");
+    fprintf(stderr, "          [-e] [-h] [-Kkey.p12 [-Upassword]] [-M] [-P] [-q] [-r | -Sfile | -s]\n");
+    fprintf(stderr, "          [-Ttimestamp] [-u] file ...\n\n");
+    fprintf(stderr, "Options:\n");
+    fprintf(stderr, "   -S[file.xml]  Pseudo-sign using the entitlements in file.xml\n");
+    fprintf(stderr, "   -Kkey.p12     Sign using private key in key.p12\n");
+    fprintf(stderr, "   -Upassword    Use password to unlock key.p12\n");
+    fprintf(stderr, "   -M            Merge entitlements with any existing\n");
+    fprintf(stderr, "   -h            Print CDHash of file\n\n");
+    fprintf(stderr, "More information: 'man ldid'\n");
 }
 
 #ifndef LDID_NOTOOLS
 int main(int argc, char *argv[]) {
 #ifndef LDID_NOSMIME
     OpenSSL_add_all_algorithms();
+# if OPENSSL_VERSION_NUMBER >= 0x30000000
+    OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
+    OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default");
+# endif
 #endif
 
     union {
@@ -3281,6 +3309,10 @@ int main(int argc, char *argv[]) {
                 flag_M = true;
             break;
 
+            case 'U':
+                password = argv[argi] + 2;
+            break;
+
             case 'K':
                 if (argv[argi][2] != '\0')
                     key.open(argv[argi] + 2, O_RDONLY, PROT_READ, MAP_PRIVATE);
@@ -3574,6 +3606,13 @@ int main(int argc, char *argv[]) {
         ++filei;
     }
 
+#ifndef LDID_NOSMINE
+# if OPENSSL_VERSION_NUM >= 0x30000000
+    OSSL_PROVIDER_unload(legacy);
+    OSSL_PROVIDER_unload(deflt);
+# endif
+#endif
+
     return filee;
 }
 #endif