]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_keychain/lib/TrustSettings.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / TrustSettings.cpp
diff --git a/OSX/libsecurity_keychain/lib/TrustSettings.cpp b/OSX/libsecurity_keychain/lib/TrustSettings.cpp
index 4d602799b382b3088efc235c44ee643e42bf8d62..7474aca6e1aca1f6d36ee67a0fd906291609c2cb 100644 (file)
--- a/OSX/libsecurity_keychain/lib/TrustSettings.cpp
+++ b/OSX/libsecurity_keychain/lib/TrustSettings.cpp
@@ -28,7 +28,7 @@
 
 #include "TrustSettings.h"
 #include "TrustSettingsSchema.h"
 
 #include "TrustSettings.h"
 #include "TrustSettingsSchema.h"
-#include "SecTrustSettings.h"
+#include <Security/SecTrustSettings.h>
 #include "TrustSettingsUtils.h"
 #include "TrustKeychains.h"
 #include "Certificate.h"
 #include "TrustSettingsUtils.h"
 #include "TrustKeychains.h"
 #include "Certificate.h"
@@ -40,6 +40,8 @@
 #include <security_utilities/logging.h>
 #include <security_utilities/cfutilities.h>
 #include <security_utilities/alloc.h>
 #include <security_utilities/logging.h>
 #include <security_utilities/cfutilities.h>
 #include <security_utilities/alloc.h>
+#include <security_utilities/casts.h>
+#include <utilities/SecCFRelease.h>
 #include <Security/Authorization.h>
 #include <Security/cssmapplePriv.h>
 #include <Security/oidscert.h>
 #include <Security/Authorization.h>
 #include <Security/cssmapplePriv.h>
 #include <Security/oidscert.h>
@@ -179,6 +181,7 @@ static bool tsCheckPolicyStr(
                if (certPolicyStrNoNULL == NULL) {
                        /* I really don't see how this can happen either */
                        trustSettingsEvalDbg("tsCheckPolicyStr: policyStr string conversion error 2");
                if (certPolicyStrNoNULL == NULL) {
                        /* I really don't see how this can happen either */
                        trustSettingsEvalDbg("tsCheckPolicyStr: policyStr string conversion error 2");
+            CFReleaseNull(cfPolicyStr);
                        return false;
                }
 
                        return false;
                }
 
@@ -628,10 +631,6 @@ bool TrustSettings::evaluateCert(
 
        /* get trust settings dictionary for this cert */
        CFDictionaryRef certDict = findDictionaryForCertHash(certHashStr);
 
        /* get trust settings dictionary for this cert */
        CFDictionaryRef certDict = findDictionaryForCertHash(certHashStr);
-       if((certDict == NULL) && isRootCert) {
-               /* No? How about default root setting for this domain? */
-               certDict = findDictionaryForCertHash(kSecTrustRecordDefaultRootCert);
-       }
 #if CERT_HASH_DEBUG
        /* @@@ debug only @@@ */
        /* print certificate hash and found dictionary reference */
 #if CERT_HASH_DEBUG
        /* @@@ debug only @@@ */
        /* print certificate hash and found dictionary reference */
@@ -807,7 +806,7 @@ void TrustSettings::findQualifiedCerts(
        CFRef<CFMutableSetRef> certSet(CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks));
 
        /* search: all certs, no attributes */
        CFRef<CFMutableSetRef> certSet(CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks));
 
        /* search: all certs, no attributes */
-       KCCursor cursor(keychains, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL);
+       KCCursor cursor(keychains, (SecItemClass) CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL);
        Item certItem;
        bool found;
        unsigned int total=0, entries=0, qualified=0;
        Item certItem;
        bool found;
        unsigned int total=0, entries=0, qualified=0;
@@ -817,9 +816,7 @@ void TrustSettings::findQualifiedCerts(
                        break;
                }
                ++total;
                        break;
                }
                ++total;
-       #if !SECTRUST_OSX
-               CFRef<SecCertificateRef> certRef((SecCertificateRef)certItem->handle());
-       #else
+
                /* must convert to unified SecCertificateRef */
                SecPointer<Certificate> certificate(static_cast<Certificate *>(&*certItem));
         CssmData certCssmData;
                /* must convert to unified SecCertificateRef */
                SecPointer<Certificate> certificate(static_cast<Certificate *>(&*certItem));
         CssmData certCssmData;
@@ -832,7 +829,6 @@ void TrustSettings::findQualifiedCerts(
                }
                CFRef<CFDataRef> cfDataRef(CFDataCreate(NULL, certCssmData.Data, certCssmData.Length));
                CFRef<SecCertificateRef> certRef(SecCertificateCreateWithData(NULL, cfDataRef));
                }
                CFRef<CFDataRef> cfDataRef(CFDataCreate(NULL, certCssmData.Data, certCssmData.Length));
                CFRef<SecCertificateRef> certRef(SecCertificateCreateWithData(NULL, cfDataRef));
-       #endif
 
                /* do we have an entry for this cert? */
                CFDictionaryRef certDict = findDictionaryForCert(certRef);
 
                /* do we have an entry for this cert? */
                CFDictionaryRef certDict = findDictionaryForCert(certRef);
@@ -937,7 +933,7 @@ CFArrayRef TrustSettings::copyTrustSettings(
                        SecPolicyRef policyRef = NULL;
                        if (CFDataGetTypeID() == CFGetTypeID(certPolicy)) {
                                /* convert OID as CFDataRef to SecPolicyRef */
                        SecPolicyRef policyRef = NULL;
                        if (CFDataGetTypeID() == CFGetTypeID(certPolicy)) {
                                /* convert OID as CFDataRef to SecPolicyRef */
-                               CSSM_OID policyOid = { CFDataGetLength((CFDataRef)certPolicy),
+                               CSSM_OID policyOid = { int_cast<CFIndex, CSSM_SIZE>(CFDataGetLength((CFDataRef)certPolicy)),
                                        (uint8 *)CFDataGetBytePtr((CFDataRef)certPolicy) };
                                OSStatus ortn = SecPolicyCopy(CSSM_CERT_X_509v3, &policyOid, &policyRef);
                                if(ortn) {
                                        (uint8 *)CFDataGetBytePtr((CFDataRef)certPolicy) };
                                OSStatus ortn = SecPolicyCopy(CSSM_CERT_X_509v3, &policyOid, &policyRef);
                                if(ortn) {
@@ -1226,10 +1222,10 @@ CFArrayRef TrustSettings::validateApiTrustSettings(
        OSStatus ortn = errSecSuccess;
        SecPolicyRef certPolicy;
        SecTrustedApplicationRef certApp;
        OSStatus ortn = errSecSuccess;
        SecPolicyRef certPolicy;
        SecTrustedApplicationRef certApp;
+       CFTypeRef oidData = NULL;
 
        /* convert */
        for(CFIndex dex=0; dex<numSpecs; dex++) {
 
        /* convert */
        for(CFIndex dex=0; dex<numSpecs; dex++) {
-               CFTypeRef   oidData = NULL;
                CFStringRef policyName = NULL;
                CFDataRef   appData = NULL;
                CFStringRef policyStr = NULL;
                CFStringRef policyName = NULL;
                CFDataRef   appData = NULL;
                CFStringRef policyStr = NULL;
@@ -1306,7 +1302,7 @@ CFArrayRef TrustSettings::validateApiTrustSettings(
                        ortn = errSecParam;
                        break;
                }
                        ortn = errSecParam;
                        break;
                }
-               result = resultNum;
+               result = (SecTrustSettingsResult) resultNum;
                /* validate result later */
 
                keyUsage   = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
                /* validate result later */
 
                keyUsage   = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
@@ -1329,7 +1325,7 @@ CFArrayRef TrustSettings::validateApiTrustSettings(
                        &kCFTypeDictionaryValueCallBacks);
                if(oidData) {
                        CFDictionaryAddValue(outDict, kSecTrustSettingsPolicy, oidData);
                        &kCFTypeDictionaryValueCallBacks);
                if(oidData) {
                        CFDictionaryAddValue(outDict, kSecTrustSettingsPolicy, oidData);
-                       CFRelease(oidData);                     // owned by dictionary
+                       CFReleaseNull(oidData);                 // owned by dictionary
                }
                if(policyName) {
                        CFDictionaryAddValue(outDict, kSecTrustSettingsPolicyName, policyName);
                }
                if(policyName) {
                        CFDictionaryAddValue(outDict, kSecTrustSettingsPolicyName, policyName);
@@ -1400,6 +1396,7 @@ CFArrayRef TrustSettings::validateApiTrustSettings(
 
        }       /* for each usage constraint dictionary */
 
 
        }       /* for each usage constraint dictionary */
 
+       CFReleaseNull(oidData);
        CFRelease(tmpInArray);
        if(ortn) {
                CFRelease(outArray);
        CFRelease(tmpInArray);
        if(ortn) {
                CFRelease(outArray);
@@ -1597,11 +1594,7 @@ void TrustSettings::copyIssuerAndSerial(
        CFDataRef                       *issuer,                /* optional, RETURNED */
        CFDataRef                       *serial)                /* RETURNED */
 {
        CFDataRef                       *issuer,                /* optional, RETURNED */
        CFDataRef                       *serial)                /* RETURNED */
 {
-#if SECTRUST_OSX
        CFRef<SecCertificateRef> certificate = SecCertificateCreateItemImplInstance(certRef);
        CFRef<SecCertificateRef> certificate = SecCertificateCreateItemImplInstance(certRef);
-#else
-       CFRef<SecCertificateRef> certificate = (SecCertificateRef) ((certRef) ? CFRetain(certRef) : NULL);
-#endif
 
        SecPointer<Certificate> cert = Certificate::required(certificate);
        CSSM_DATA_PTR fieldVal;
 
        SecPointer<Certificate> cert = Certificate::required(certificate);
        CSSM_DATA_PTR fieldVal;
mirror of Security