]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_keychain/regressions/kc-30-xara.c
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-30-xara.c
diff --git a/OSX/libsecurity_keychain/regressions/kc-30-xara.c b/OSX/libsecurity_keychain/regressions/kc-30-xara.c
index ffbfd0b9bc949d3d6ba8827935833fc4aa25456c..e10f600a0d1da551442255647af391530ff1cc6d 100644 (file)
--- a/OSX/libsecurity_keychain/regressions/kc-30-xara.c
+++ b/OSX/libsecurity_keychain/regressions/kc-30-xara.c
@@ -127,10 +127,10 @@ static void testAttackItem(CSSM_DL_DB_HANDLE dldbHandle) {
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
 
     makeItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
 
     makeItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
-    SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     CFReleaseNull(item);
     CFReleaseNull(kc);
 
     CFReleaseNull(item);
     CFReleaseNull(kc);
 
@@ -138,7 +138,7 @@ static void testAttackItem(CSSM_DL_DB_HANDLE dldbHandle) {
     modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification));
 
     kc = openKeychain(name);
     modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification));
 
     kc = openKeychain(name);
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
@@ -151,10 +151,10 @@ static void testAttackKey(CSSM_DL_DB_HANDLE dldbHandle) {
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
 
     makeKeyWithIntegrity(name, kc, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
 
     makeKeyWithIntegrity(name, kc, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
-    SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
 
     checkKeyUse((SecKeyRef) item, errSecSuccess);
 
 
     checkKeyUse((SecKeyRef) item, errSecSuccess);
 
@@ -165,7 +165,7 @@ static void testAttackKey(CSSM_DL_DB_HANDLE dldbHandle) {
     modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_SYMMETRIC_KEY, "Label", modification, strlen(modification));
 
     kc = openKeychain(name);
     modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_SYMMETRIC_KEY, "Label", modification, strlen(modification));
 
     kc = openKeychain(name);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
     checkKeyUse((SecKeyRef) item, errSecInvalidItemRef);
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
     checkKeyUse((SecKeyRef) item, errSecInvalidItemRef);
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -179,11 +179,10 @@ static void testAddAfterCorruptItem(CSSM_DL_DB_HANDLE dldbHandle) {
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
 
     makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("test_label"), CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
 
     makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("test_label"), CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
-    SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
-    CFReleaseNull(item);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
 
     makeDuplicateItem(name, kc, kSecClassGenericPassword);
     CFReleaseNull(kc);
 
     makeDuplicateItem(name, kc, kSecClassGenericPassword);
     CFReleaseNull(kc);
@@ -192,12 +191,12 @@ static void testAddAfterCorruptItem(CSSM_DL_DB_HANDLE dldbHandle) {
     modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification));
 
     kc = openKeychain(name);
     modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification));
 
     kc = openKeychain(name);
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     deleteItem(item);
     deleteItem(item);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
 
     makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("evil_application"), CFSTR("d2aa97b30a1f96f9e61fcade2b00d9f4284976a83a5b68392251ee5ec827f8cc"));
 
     makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("evil_application"), CFSTR("d2aa97b30a1f96f9e61fcade2b00d9f4284976a83a5b68392251ee5ec827f8cc"));
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("evil_application"));
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("evil_application"));
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -211,14 +210,14 @@ static void testAddAfterCorruptKey(CSSM_DL_DB_HANDLE dldbHandle) {
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
     secnotice("integrity", "************************************* %s", name);
 
     SecKeychainRef kc = newKeychain(name);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
 
     // Make a symmetric key
     makeCustomKeyWithIntegrity(name, kc, CFSTR("test_key"), CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
 
 
     // Make a symmetric key
     makeCustomKeyWithIntegrity(name, kc, CFSTR("test_key"), CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
 
-    SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
     makeCustomDuplicateKey(name, kc, CFSTR("test_key"));
     CFReleaseNull(item);
 
     makeCustomDuplicateKey(name, kc, CFSTR("test_key"));
     CFReleaseNull(item);
 
@@ -226,8 +225,8 @@ static void testAddAfterCorruptKey(CSSM_DL_DB_HANDLE dldbHandle) {
     SecKeyRef pub;
     SecKeyRef priv;
     makeCustomKeyPair(name, kc, CFSTR("test_key_pair"), &pub, &priv);
     SecKeyRef pub;
     SecKeyRef priv;
     makeCustomKeyPair(name, kc, CFSTR("test_key_pair"), &pub, &priv);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
     CFReleaseNull(pub);
     CFReleaseNull(priv);
 
     CFReleaseNull(pub);
     CFReleaseNull(priv);
 
@@ -240,26 +239,26 @@ static void testAddAfterCorruptKey(CSSM_DL_DB_HANDLE dldbHandle) {
 
     kc = openKeychain(name);
 
 
     kc = openKeychain(name);
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
     deleteItem(item);
     deleteItem(item);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
 
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
     deleteItem(item);
     deleteItem(item);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
 
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
     deleteItem(item);
     deleteItem(item);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
 
     makeCustomKeyWithIntegrity(name, kc, CFSTR("evil_application"), CFSTR("ca6d90a0b053113e43bbb67f64030230c96537f77601f66bdf821d8684431dfc"));
 
     makeCustomKeyWithIntegrity(name, kc, CFSTR("evil_application"), CFSTR("ca6d90a0b053113e43bbb67f64030230c96537f77601f66bdf821d8684431dfc"));
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
 
     makeCustomDuplicateKey(name, kc, CFSTR("evil_application"));
 
     makeCustomKeyPair(name, kc, CFSTR("evil_application"), &pub, &priv);
 
     makeCustomDuplicateKey(name, kc, CFSTR("evil_application"));
 
     makeCustomKeyPair(name, kc, CFSTR("evil_application"), &pub, &priv);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
 
     // We cannot create a duplicate key pair, so don't try.
 
 
     // We cannot create a duplicate key pair, so don't try.
 
@@ -298,8 +297,8 @@ static void testKeychainUpgrade() {
     UInt32 len = 400;
 
     // To test multi-threading, we want the upgrade to take a while. Add a bunch of passwords...
     UInt32 len = 400;
 
     // To test multi-threading, we want the upgrade to take a while. Add a bunch of passwords...
-    char oldkcFile[100];
-    sprintf(oldkcFile, "%s/Library/test.keychain", getenv("HOME"));
+    char oldkcFile[MAXPATHLEN];
+    snprintf(oldkcFile, sizeof(oldkcFile), "%s/Library/test.keychain", getenv("HOME"));
     unlink(oldkcFile);
     writeOldKeychain(name, oldkcFile);
 
     unlink(oldkcFile);
     writeOldKeychain(name, oldkcFile);
 
@@ -308,7 +307,7 @@ static void testKeychainUpgrade() {
     for(int i = 0; i < 200; i++) {
         CFTypeRef result = NULL;
         CFStringRef cflabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("item%d"), i);
     for(int i = 0; i < 200; i++) {
         CFTypeRef result = NULL;
         CFStringRef cflabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("item%d"), i);
-        CFMutableDictionaryRef query = makeAddCustomItemDictionaryWithService(kc, kSecClassInternetPassword, cflabel, cflabel, CFSTR("no service"));
+        CFMutableDictionaryRef query = createAddCustomItemDictionaryWithService(kc, kSecClassInternetPassword, cflabel, cflabel, CFSTR("no service"));
         SecItemAdd(query, &result); // don't particuluarly care if this fails...
         CFReleaseNull(query);
         CFReleaseNull(cflabel);
         SecItemAdd(query, &result); // don't particuluarly care if this fails...
         CFReleaseNull(query);
         CFReleaseNull(cflabel);
@@ -340,7 +339,7 @@ static void testKeychainUpgrade() {
         secerror("beginning 1\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
         secerror("beginning 1\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
-        SecKeychainItemRef item = checkN(blockName, makeQueryItemDictionary(blockKc, kSecClassGenericPassword), 1);
+        SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryItemDictionary(blockKc, kSecClassGenericPassword), 1);
         checkIntegrityHash(blockName, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
         checkPartitionIDs(blockName, item, 0);
         CFReleaseSafe(blockKc);
         checkIntegrityHash(blockName, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
         checkPartitionIDs(blockName, item, 0);
         CFReleaseSafe(blockKc);
@@ -353,7 +352,7 @@ static void testKeychainUpgrade() {
         secerror("beginning 2\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
         secerror("beginning 2\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
-        SecKeychainItemRef item = checkN(blockName, makeQueryItemDictionaryWithService(blockKc, kSecClassInternetPassword, CFSTR("test_service")), 1);
+        SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryItemDictionaryWithService(blockKc, kSecClassInternetPassword, CFSTR("test_service")), 1);
         checkIntegrityHash(blockName, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03"));
         checkPartitionIDs(blockName, item, 0);
         CFReleaseSafe(blockKc);
         checkIntegrityHash(blockName, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03"));
         checkPartitionIDs(blockName, item, 0);
         CFReleaseSafe(blockKc);
@@ -366,7 +365,7 @@ static void testKeychainUpgrade() {
         secerror("beginning 3\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
         secerror("beginning 3\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
-        SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassSymmetric), 1);
+        SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassSymmetric), 1);
         checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
         checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
         CFReleaseSafe(blockKc);
         checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
         checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
         CFReleaseSafe(blockKc);
@@ -379,7 +378,7 @@ static void testKeychainUpgrade() {
         secerror("beginning 4\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
         secerror("beginning 4\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
-        SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassPublic), 1);
+        SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassPublic), 1);
         checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578"));
         checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
         CFReleaseSafe(blockKc);
         checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578"));
         checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
         CFReleaseSafe(blockKc);
@@ -392,7 +391,7 @@ static void testKeychainUpgrade() {
         secerror("beginning 5\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
         secerror("beginning 5\n");
         SecKeychainRef blockKc;
         SecKeychainOpen(keychainName, &blockKc);
-        SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassPrivate), 1);
+        SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassPrivate), 1);
         checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d"));
         checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
         CFReleaseSafe(blockKc);
         checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d"));
         checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
         CFReleaseSafe(blockKc);
@@ -419,25 +418,25 @@ static void testKeychainUpgrade() {
     CFReleaseNull(kc);
     kc = openCustomKeychain(name, keychainName, "password");
 
     CFReleaseNull(kc);
     kc = openCustomKeychain(name, keychainName, "password");
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
     checkPartitionIDs(name, item, 0);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
     checkPartitionIDs(name, item, 0);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     checkIntegrityHash(name, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03"));
     checkPartitionIDs(name, item, 0);
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     checkIntegrityHash(name, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03"));
     checkPartitionIDs(name, item, 0);
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
     checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
 
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
     checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578"));
     checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
 
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578"));
     checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d"));
     checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
 
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d"));
     checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
 
@@ -480,8 +479,9 @@ static void testKeychainCreateOver() {
     // Check that we upgrade on SecKeychainOpen
     SecKeychainRef kc = openCustomKeychain(name, keychainName, "password");
 
     // Check that we upgrade on SecKeychainOpen
     SecKeychainRef kc = openCustomKeychain(name, keychainName, "password");
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
     checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
+    CFReleaseNull(item);
 
     ok_status(SecKeychainDelete(kc));
     CFReleaseNull(kc);
 
     ok_status(SecKeychainDelete(kc));
     CFReleaseNull(kc);
@@ -495,11 +495,11 @@ static void testKeychainCreateOver() {
     ok_status(SecKeychainCreate(keychainFile, (UInt32) strlen("password"), "password", false, NULL, &kc), "%s: SecKeychainCreate", name);
 
     // Directly after creating a keychain, there shouldn't be any items (even though an old keychain exists underneath)
     ok_status(SecKeychainCreate(keychainFile, (UInt32) strlen("password"), "password", false, NULL, &kc), "%s: SecKeychainCreate", name);
 
     // Directly after creating a keychain, there shouldn't be any items (even though an old keychain exists underneath)
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 0);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
 
     // Check the keychain's version and path
     ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name);
 
     // Check the keychain's version and path
     ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name);
@@ -546,21 +546,21 @@ static void testKeychainDowngrade() {
 
     SecKeychainItemRef item;
 
 
     SecKeychainItemRef item;
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     checkIntegrityHash(name, item, CFSTR("6ba8d9f77ddba54d9373b11ae5c8f7b55a5e81da27e05e86723eeceb0a9a8e0c"));
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     checkIntegrityHash(name, item, CFSTR("6ba8d9f77ddba54d9373b11ae5c8f7b55a5e81da27e05e86723eeceb0a9a8e0c"));
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     checkIntegrityHash(name, item, CFSTR("630a9fe4f0191db8a99d6e8455e7114f628ce8f0f9eb3559efa572a98877a2b2"));
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     checkIntegrityHash(name, item, CFSTR("630a9fe4f0191db8a99d6e8455e7114f628ce8f0f9eb3559efa572a98877a2b2"));
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
 
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("d27ee2be4920d5b6f47f6b19696d09c9a6c1a5d80c6f148f778db27b4ba99d9a"));
 
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("d27ee2be4920d5b6f47f6b19696d09c9a6c1a5d80c6f148f778db27b4ba99d9a"));
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("4b3f7bd7f9e48dc71006ce670990aed9dba6d5089b84d4113121bab41d0a3228"));
 
 
     checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("4b3f7bd7f9e48dc71006ce670990aed9dba6d5089b84d4113121bab41d0a3228"));
 
 
@@ -569,14 +569,14 @@ static void testKeychainDowngrade() {
     ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name);
     is(version, version_MacOS_10_0, "%s: version of downgraded keychain is incorrect", name);
 
     ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name);
     is(version, version_MacOS_10_0, "%s: version of downgraded keychain is incorrect", name);
 
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
-    checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
-    checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -620,7 +620,7 @@ static void testKeychainWrongFile256() {
     SecKeychainItemRef item;
 
     // Iterate over the keychain to trigger upgrade
     SecKeychainItemRef item;
 
     // Iterate over the keychain to trigger upgrade
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     // We should have created keychainFile, check for it
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     // We should have created keychainFile, check for it
@@ -636,15 +636,15 @@ static void testKeychainWrongFile256() {
     ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name);
     eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name);
 
     ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name);
     eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name);
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -683,7 +683,7 @@ static void testKeychainWrongFile512() {
     SecKeychainItemRef item;
 
     // Iterate over the keychain to trigger upgrade
     SecKeychainItemRef item;
 
     // Iterate over the keychain to trigger upgrade
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     // We should have move the keychain to keychainDbFile, check for it
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     // We should have move the keychain to keychainDbFile, check for it
@@ -699,15 +699,15 @@ static void testKeychainWrongFile512() {
     ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name);
     eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name);
 
     ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name);
     eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name);
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
     makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -815,17 +815,18 @@ static void testUidAccess() {
     SecAccessRef access = makeUidAccess(getuid());
 
     SecKeychainRef kc = newKeychain(name);
     SecAccessRef access = makeUidAccess(getuid());
 
     SecKeychainRef kc = newKeychain(name);
-    CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
+    CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
     CFDictionarySetValue(query, kSecAttrAccess, access);
 
     CFTypeRef result = NULL;
     ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
     CFDictionarySetValue(query, kSecAttrAccess, access);
 
     CFTypeRef result = NULL;
     ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
+    CFReleaseNull(query);
     ok(result != NULL, "%s: SecItemAdd returned a result", name);
 
     ok(result != NULL, "%s: SecItemAdd returned a result", name);
 
-    SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
 
     ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name);
 
     ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
 
     // Check to make sure the ACL stays
     access = NULL;
 
     // Check to make sure the ACL stays
     access = NULL;
@@ -919,14 +920,15 @@ static void testMultipleUidAccess() {
     SecAccessRef access = makeMultipleUidAccess(uids, 5);
 
     SecKeychainRef kc = newKeychain(name);
     SecAccessRef access = makeMultipleUidAccess(uids, 5);
 
     SecKeychainRef kc = newKeychain(name);
-    CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
+    CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
     CFDictionarySetValue(query, kSecAttrAccess, access);
 
     CFTypeRef result = NULL;
     ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
     CFDictionarySetValue(query, kSecAttrAccess, access);
 
     CFTypeRef result = NULL;
     ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
+    CFReleaseNull(query);
     ok(result != NULL, "%s: SecItemAdd returned a result", name);
 
     ok(result != NULL, "%s: SecItemAdd returned a result", name);
 
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -938,27 +940,35 @@ static void testRootUidAccess() {
     sprintf(name, "testRootUidAccess");
     secnotice("integrity", "************************************* %s", name);
 
     sprintf(name, "testRootUidAccess");
     secnotice("integrity", "************************************* %s", name);
 
-    SecAccessRef access = SecAccessCreateWithOwnerAndACL(getuid(), 0, (kSecUseOnlyUID | kSecHonorRoot), NULL, NULL);
+    CFErrorRef error = NULL;
+
+    SecAccessRef access = SecAccessCreateWithOwnerAndACL(getuid(), 0, (kSecUseOnlyUID | kSecHonorRoot), NULL, &error);
+    ok(access, "%s: SecAccessCreateWithOwnerAndACL returned an access", name);
+    CFStringRef errorDesc = error ? CFErrorCopyDescription(error) : NULL;
+    is(error, NULL, "%s: SecAccessCreateWithOwnerAndACL did not return an error: %@", name, errorDesc ? errorDesc : CFSTR("no error"));
+    CFReleaseNull(errorDesc);
 
     SecKeychainRef kc = newKeychain(name);
 
     SecKeychainRef kc = newKeychain(name);
-    CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
+    CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
     CFDictionarySetValue(query, kSecAttrAccess, access);
 
     CFTypeRef result = NULL;
     ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
     CFDictionarySetValue(query, kSecAttrAccess, access);
 
     CFTypeRef result = NULL;
     ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
+    CFReleaseNull(query);
     ok(result != NULL, "%s: SecItemAdd returned a result", name);
 
     ok(result != NULL, "%s: SecItemAdd returned a result", name);
 
-    query = makeQueryItemDictionary(kc, kSecClassGenericPassword);
+    query = createQueryItemDictionary(kc, kSecClassGenericPassword);
 
 
-    SecKeychainItemRef item = checkN(name, query, 1);
+    SecKeychainItemRef item = checkNCopyFirst(name, query, 1);
 
     ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name);
 
     ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    CFReleaseNull(access);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 }
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 }
-#define testRootUidAccessTests (newKeychainTests + checkNTests + 4 + checkNTests)
+#define testRootUidAccessTests (newKeychainTests + 2 + checkNTests + 4 + checkNTests)
 
 static void testBadACL() {
     char name[100];
 
 static void testBadACL() {
     char name[100];
@@ -973,8 +983,8 @@ static void testBadACL() {
     SecKeychainRef kc = openCustomKeychain(name, keychainName, "password");
 
     // Check that these exist in this keychain...
     SecKeychainRef kc = openCustomKeychain(name, keychainName, "password");
 
     // Check that these exist in this keychain...
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFRelease(kc);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFRelease(kc);
@@ -994,24 +1004,24 @@ static void testBadACL() {
     kc = openCustomKeychain(name, keychainName, "password");
 
     // These items exist in this keychain, but their ACL is corrupted. We should be able to find them, but not fetch data.
     kc = openCustomKeychain(name, keychainName, "password");
 
     // These items exist in this keychain, but their ACL is corrupted. We should be able to find them, but not fetch data.
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this
     deleteItem(item);
     readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this
     deleteItem(item);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
 
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this
     deleteItem(item);
     readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this
     deleteItem(item);
-    checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 0);
+    checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 0);
 
     // These should work
     makeItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
     makeItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     // And now the items should exist
 
     // These should work
     makeItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
     makeItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
 
     // And now the items should exist
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
     readPasswordContents(item, CFSTR("data"));
     readPasswordContents(item, CFSTR("data"));
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
     readPasswordContents(item, CFSTR("data"));
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     readPasswordContents(item, CFSTR("data"));
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
@@ -1035,12 +1045,12 @@ static void testIterateLockedKeychain() {
 
     ok_status(SecKeychainLock(kc), "%s: SecKeychainLock", name);
 
 
     ok_status(SecKeychainLock(kc), "%s: SecKeychainLock", name);
 
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
-    item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+    item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
 
 
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
-    item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+    item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
 
     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
     CFReleaseNull(kc);
@@ -1092,6 +1102,17 @@ static void tests(void)
 {
     initializeKeychainTests("kc-30-xara");
 
 {
     initializeKeychainTests("kc-30-xara");
 
+    testKeychainUpgrade();
+    testKeychainCreateOver();
+    testKeychainDowngrade();
+    testKeychainWrongFile256();
+    testKeychainWrongFile512();
+    testUidAccess();
+    testMultipleUidAccess();
+    testRootUidAccess();
+    testBadACL();
+    testIterateLockedKeychain();
+
     testAddItem(kSecClassGenericPassword,  CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
     testAddItem(kSecClassInternetPassword, CFSTR("be34c4562153063ce9cdefc2c34451d5e6e98a447f293d68a67349c1b5d1164f"));
 
     testAddItem(kSecClassGenericPassword,  CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
     testAddItem(kSecClassInternetPassword, CFSTR("be34c4562153063ce9cdefc2c34451d5e6e98a447f293d68a67349c1b5d1164f"));
 
@@ -1131,21 +1152,10 @@ static void tests(void)
     testAddAfterCorruptKey(dldbHandle);
     unloadDL(&dldbHandle);
 
     testAddAfterCorruptKey(dldbHandle);
     unloadDL(&dldbHandle);
 
-    testKeychainUpgrade();
-    testKeychainCreateOver();
-    testKeychainDowngrade();
-    testKeychainWrongFile256();
-    testKeychainWrongFile512();
-    testUidAccess();
-    testMultipleUidAccess();
-    testRootUidAccess();
-    testBadACL();
-    testIterateLockedKeychain();
-
     //makeOldKeychainBlob();
 }
 
     //makeOldKeychainBlob();
 }
 
-#pragma clang pop
+#pragma clang diagnostic pop
 #else
 
 #define kTestCount (0)
 #else
 
 #define kTestCount (0)
mirror of Security