Security-58286.260.20.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / SecTrustOSXEntryPoints.cpp

diff --git a/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp b/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp
index 205ccbb2b89793b5e8f493fa3999ac5aac6a6c60..49b9e3240a166ca0fd2b284a2250451411d8cc5f 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp
+++ b/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp
@@ -28,6 +28,12 @@
 
 #include "SecTrustOSXEntryPoints.h"
 
+#include <CoreFoundation/CoreFoundation.h>
+#include <dispatch/dispatch.h>
+#include <AssertMacros.h>
+#include <notify.h>
+#include <mach/mach_time.h>
+
 #include <Security/Security.h>
 #include <Security/cssmtype.h>
 #include <Security/SecKeychain.h>
@@ -42,26 +48,9 @@
 #include <security_ocspd/ocspdClient.h>
 #include <security_ocspd/ocspdUtils.h>
 
-#include <CoreFoundation/CoreFoundation.h>
-#include <CoreFoundation/CFRunLoop.h>
-#include <dispatch/dispatch.h>
-#include <AssertMacros.h>
-#include <pthread.h>
-#include <notify.h>
-
-/*
- * MARK: CFRunloop
- */
 
-static void *SecTrustOSXCFRunloop(__unused void *unused) {
-    CFRunLoopTimerRef timer = CFRunLoopTimerCreateWithHandler(kCFAllocatorDefault, (CFTimeInterval) UINT_MAX, 0, 0, 0, ^(__unused CFRunLoopTimerRef _timer) {
-        /* do nothing */
-    });
-
-    /* add a timer to force the runloop to stay running */
-    CFRunLoopAddTimer(CFRunLoopGetCurrent(), timer, kCFRunLoopDefaultMode);
+void SecTrustLegacySourcesListenForKeychainEvents(void) {
     /* Register for CertificateTrustNotification */
-
     int out_token = 0;
     notify_register_dispatch(kSecServerCertificateTrustNotification, &out_token,
                              dispatch_get_main_queue(),
@@ -72,37 +61,6 @@ static void *SecTrustOSXCFRunloop(__unused void *unused) {
                                  SecTrustSettingsPurgeUserAdminCertsCache();
 
                              });
-
-    try {
-        CFRunLoopRun();
-    }
-    catch (...) {
-        /* An exception was rethrown from the runloop. Since we can't reliably
-         * obtain info about changes to keychains or trust settings anymore,
-         * just exit and respawn the process when needed. */
-
-        secerror("Exception occurred in CFRunLoopRun; exiting");
-        exit(0);
-    }
-    CFRelease(timer);
-    return NULL;
-}
-
-void SecTrustLegacySourcesEventRunloopCreate(void) {
-    /* A runloop is currently necessary to receive notifications about changes in the
-     * legacy keychains and trust settings. */
-    static dispatch_once_t once;
-
-    dispatch_once(&once, ^{
-        pthread_attr_t attrs;
-        pthread_t thread;
-
-        pthread_attr_init(&attrs);
-        pthread_attr_setdetachstate(&attrs, PTHREAD_CREATE_DETACHED);
-
-        /* we do this with traditional pthread to avoid impacting our 512 WQ thread limit since this is a parked thread */
-        pthread_create(&thread, &attrs, SecTrustOSXCFRunloop, NULL);
-    });
 }
 
 /*
@@ -166,7 +124,7 @@ OSStatus SecTrustLegacyCRLStatus(SecCertificateRef cert, CFArrayRef chain, CFURL
 
     /* serialNumber is a CSSM_DATA with the value from the TBS Certificate. */
     CSSM_DATA serialNumber = { 0, NULL };
-    serialData = SecCertificateCopySerialNumber(cert, NULL);
+    serialData = SecCertificateCopySerialNumberData(cert, NULL);
     if (serialData) {
         serialNumber.Data = (uint8_t *)CFDataGetBytePtr(serialData);
         serialNumber.Length = CFDataGetLength(serialData);
@@ -272,6 +230,7 @@ static void async_ocspd_complete(async_ocspd_t *ocspd) {
 bool SecTrustLegacyCRLFetch(async_ocspd_t *ocspd,
                        CFURLRef currCRLDP, CFAbsoluteTime verifyTime,
                        SecCertificateRef cert, CFArrayRef chain) {
+    ocspd->start_time = mach_absolute_time();
     dispatch_async(ocspd->queue, ^ {
         OSStatus status = fetchCRL(currCRLDP, verifyTime);
         switch (status) {