X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/6b200bc335dc93c5516ccb52f14bd896d8c7fad7..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
diff --git a/OSX/libsecurity_keychain/lib/TrustAdditions.cpp b/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
index 8d88ba8d..4465256b 100644
--- a/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
+++ b/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
@@ -103,7 +103,7 @@ static void SafeCFRelease(void * CF_CONSUMED cfTypeRefPtr)
 // utility function to create a CFDataRef from the contents of the specified file;
 // caller must release
 //
-static CFDataRef dataWithContentsOfFile(const char *fileName)
+static CFDataRef CF_RETURNS_RETAINED dataWithContentsOfFile(const char *fileName)
 {
 int rtn;
 int fd;
@@ -194,7 +194,7 @@ static SecKeychainRef systemRootStore()
 
 // returns a CFDictionaryRef created from the specified XML plist file; caller must release
 //
-static CFDictionaryRef dictionaryWithContentsOfPlistFile(const char *fileName)
+static CFDictionaryRef CF_RETURNS_RETAINED dictionaryWithContentsOfPlistFile(const char *fileName)
 {
 CFDictionaryRef resultDict = NULL;
 CFDataRef fileData = dataWithContentsOfFile(fileName);
@@ -416,7 +416,6 @@ static SecCertificateRef _rootCertificateWithSubjectOfCertificate(SecCertificate
 SecKeyRef keyRef = NULL;
 SecCertificateRef resultCert = NULL;
 // note: Sec* APIs are not re-entrant due to the API lock
- // status = SecCertificateCopyPublicKey(certificate, &keyRef);
 BEGIN_SECAPI_INTERNAL_CALL
 keyRef = Certificate::required(certificate)->publicKey()->handle();
 END_SECAPI_INTERNAL_CALL
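Review bot: The header comments on `dataWithContentsOfFile` and `dictionaryWithContentsOfPlistFile` still say only "caller must release", and the new `CF_RETURNS_RETAINED` annotation restates that ownership rule without saying the result may be NULL. `resultDict` starts as NULL in the second function, so a failure path presumably returns it unchanged, and a caller that passes a NULL result to `CFRelease` will crash. I would extend both comments with something like `// returns NULL on failure; caller must CFRelease a non-NULL result`. Both function bodies continue outside their hunks, so the failure paths themselves cannot be checked from here.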
@@ -826,37 +825,6 @@ bool isRevocationStatusCode(CSSM_RETURN statusCode)
 return false;
 }
 
-// returns true if the given revocation status code can be ignored.
-//
-bool ignorableRevocationStatusCode(CSSM_RETURN statusCode)
-{
- if (!isRevocationStatusCode(statusCode))
- return false;
-
- // if OCSP and/or CRL revocation info was unavailable for this certificate,
- // and revocation checking is not required, we can ignore this status code.
-
- CFStringRef ocsp_val = (CFStringRef) CFPreferencesCopyValue(kSecRevocationOcspStyle, CFSTR(kSecRevocationDomain), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
- CFStringRef crl_val = (CFStringRef) CFPreferencesCopyValue(kSecRevocationCrlStyle, CFSTR(kSecRevocationDomain), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
- bool ocspRequired = (ocsp_val && CFEqual(ocsp_val, kSecRevocationRequireForAll));
- bool crlRequired = (crl_val && CFEqual(crl_val, kSecRevocationRequireForAll));
- if (!ocspRequired && ocsp_val && CFEqual(ocsp_val, kSecRevocationRequireIfPresent))
- ocspRequired = (statusCode != CSSMERR_APPLETP_OCSP_UNAVAILABLE);
- if (!crlRequired && crl_val && CFEqual(crl_val, kSecRevocationRequireIfPresent))
- crlRequired = (statusCode != CSSMERR_APPLETP_CRL_NOT_FOUND);
- if (ocsp_val)
- CFRelease(ocsp_val);
- if (crl_val)
- CFRelease(crl_val);
-
- if (isOCSPStatusCode(statusCode))
- return (ocspRequired) ? false : true;
- if (isCRLStatusCode(statusCode))
- return (crlRequired) ? false : true;
-
- return false;
-}
-
 // returns a CFArrayRef of allowed root certificates for the provided leaf certificate
 // if it passes initial EV evaluation criteria and should be subject to OCSP revocation
 // checking; otherwise, NULL is returned. (Caller must release the result if not NULL.)