Security-58286.270.3.0.1.tar.gz

[apple/security.git] / OSX / libsecurity_ssl / lib / sslCrypto.c
diff --git a/OSX/libsecurity_ssl/lib/sslCrypto.c b/OSX/libsecurity_ssl/lib/sslCrypto.c

index 1142c7f932c42fc75120f4b4b3b79c105d4327fc..60362e4a2f5504b6faa8e23e7b5205c76ba4894d 100644 (file)
--- a/OSX/libsecurity_ssl/lib/sslCrypto.c
+++ b/OSX/libsecurity_ssl/lib/sslCrypto.c
@@ -53,11 +53,7 @@
   */
  CFIndex sslPubKeyGetAlgorithmID(SecKeyRef pubKey)
  {
   */
  CFIndex sslPubKeyGetAlgorithmID(SecKeyRef pubKey)
  {
-#if TARGET_OS_IPHONE
-       return SecKeyGetAlgorithmID(pubKey);
-#else
         return SecKeyGetAlgorithmId(pubKey);
         return SecKeyGetAlgorithmId(pubKey);
-#endif
  }
  
  /*
  }
  
  /*
@@ -65,11 +61,7 @@ CFIndex sslPubKeyGetAlgorithmID(SecKeyRef pubKey)
   */
  CFIndex sslPrivKeyGetAlgorithmID(SecKeyRef privKey)
  {
   */
  CFIndex sslPrivKeyGetAlgorithmID(SecKeyRef privKey)
  {
-#if TARGET_OS_IPHONE
-       return SecKeyGetAlgorithmID(privKey);
-#else
         return SecKeyGetAlgorithmId(privKey);
         return SecKeyGetAlgorithmId(privKey);
-#endif
  }
  
  
  }
  
  
@@ -118,21 +110,14 @@ sslGetMatchingCertInArray(
                 return NULL;
         }
  
                 return NULL;
         }
  
-       CFDataRef certData = SecCertificateCopyData(certRef);
-       if (certData) {
-               CFIndex idx, count = CFArrayGetCount(certArray);
-               for(idx=0; idx<count; idx++) {
-                       SecCertificateRef aCert = (SecCertificateRef)CFArrayGetValueAtIndex(certArray, idx);
-                       CFDataRef aData = SecCertificateCopyData(aCert);
-                       if (aData && CFEqual(aData, certData)) {
-                               matchedCert = aCert;
-                       }
-                       CFReleaseSafe(aData);
-                       if (matchedCert)
-                               break;
-               }
-               CFReleaseSafe(certData);
-       }
+    CFIndex idx, count = CFArrayGetCount(certArray);
+    for (idx = 0; idx < count; idx++) {
+        SecCertificateRef otherCert = (SecCertificateRef) CFArrayGetValueAtIndex(certArray, idx);
+        if (CFEqual(certRef, otherCert)) {
+            matchedCert = otherCert;
+            break;
+        }
+    }
  
      return matchedCert;
  }
  
      return matchedCert;
  }
@@ -178,7 +163,8 @@ static OSStatus sslVerifyCertChain(
         }
  
         SecTrustResultType secTrustResult;
         }
  
         SecTrustResultType secTrustResult;
-       require_noerr(status = SecTrustEvaluate(trust, &secTrustResult), errOut);
+    require_noerr(status = SecTrustEvaluate(trust, &secTrustResult), errOut);
+
         switch (secTrustResult) {
          case kSecTrustResultUnspecified:
              /* cert chain valid, no special UserTrust assignments */
         switch (secTrustResult) {
          case kSecTrustResultUnspecified:
              /* cert chain valid, no special UserTrust assignments */
@@ -187,7 +173,6 @@ static OSStatus sslVerifyCertChain(
              status = errSecSuccess;
              break;
          case kSecTrustResultDeny:
              status = errSecSuccess;
              break;
          case kSecTrustResultDeny:
-        case kSecTrustResultConfirm:
          case kSecTrustResultRecoverableTrustFailure:
          default:
              if(ctx->allowAnyRoot) {
          case kSecTrustResultRecoverableTrustFailure:
          default:
              if(ctx->allowAnyRoot) {