Security-59306.61.1.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / Identity.cpp

diff --git a/OSX/libsecurity_keychain/lib/Identity.cpp b/OSX/libsecurity_keychain/lib/Identity.cpp
index f11974f4d09b4b537850c40ce87e29c55d349c4f..85b0636decf8b943ec2477680040cce7f8c6474a 100644 (file)
--- a/OSX/libsecurity_keychain/lib/Identity.cpp
+++ b/OSX/libsecurity_keychain/lib/Identity.cpp
@@ -61,7 +61,7 @@ Identity::Identity(const StorageManager::KeychainList &keychains, const SecPoint
                                                            kCFAllocatorNull);
     // First, try the new iOS keychain.
     {
-        const void *keys[] = { kSecClass, kSecAttrKeyClass, kSecAttrApplicationLabel, kSecReturnRef, kSecAttrNoLegacy };
+        const void *keys[] = { kSecClass, kSecAttrKeyClass, kSecAttrApplicationLabel, kSecReturnRef, kSecUseDataProtectionKeychain };
         const void *values[] = { kSecClassKey, kSecAttrKeyClassPrivate, keyHash, kCFBooleanTrue, kCFBooleanTrue };
         CFRef<CFDictionaryRef> query = CFDictionaryCreate(kCFAllocatorDefault, keys, values,
                                                           sizeof(keys) / sizeof(*keys),
@@ -96,7 +96,7 @@ Identity::Identity(const StorageManager::KeychainList &keychains, const SecPoint
             if (CFArrayGetCount(dynamicSearchList)) {
                 // Legacy way is used for dynamic keychains because SmartCards keychain does not support strict CSSM queries which are generated in SecItemCopyMatching
                 // Find a key whose label matches the publicKeyHash of the public key in the certificate.
-                KCCursor keyCursor(keychains, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL);
+                KCCursor keyCursor(keychains, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL);
                 keyCursor->add(CSSM_DB_EQUAL, KeySchema::Label, certificate->publicKeyHash());
 
                 Item key;