Skip to content

Security iOS xcode13.0 beta1

Manuel de la Pena edited this page Aug 5, 2021 · 3 revisions

#Security.framework https://github.com/xamarin/xamarin-macios/pull/12365

diff -ruN /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecBase.h /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecBase.h
--- /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecBase.h	2021-03-16 05:20:22.000000000 -0400
+++ /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecBase.h	2021-06-02 05:38:08.000000000 -0400
@@ -27,6 +27,7 @@
 #include <TargetConditionals.h>
 #include <CoreFoundation/CFBase.h>
 #include <Availability.h>
+#include <sys/cdefs.h>
 
 // Truth table for following declarations:
 //
@@ -61,10 +62,6 @@
     #define SEC_OS_OSX_INCLUDES TARGET_OS_OSX
 #endif
 
-#if SEC_OS_IPHONE
-#include <sys/cdefs.h>
-#endif
-
 #if defined(__clang__)
 #define SEC_DEPRECATED_ATTRIBUTE DEPRECATED_ATTRIBUTE
 #else
@@ -630,7 +627,8 @@
     errSecInvalidAuthority                   = -67824,    /* The authority was not valid. */
     errSecVerifyActionFailed                 = -67825,    /* A verify action has failed. */
     errSecInvalidCertAuthority               = -67826,    /* The certificate authority was not valid. */
-    errSecInvaldCRLAuthority                 = -67827,    /* The CRL authority was not valid. */
+    errSecInvalidCRLAuthority                = -67827,    /* The CRL authority was not valid. */
+    errSecInvaldCRLAuthority  API_DEPRECATED_WITH_REPLACEMENT("errSecInvalidCRLAuthority", macos(10.11, 12.0), ios(4, 15)) = errSecInvalidCRLAuthority,
     errSecInvalidCRLEncoding                 = -67828,    /* The CRL encoding was not valid. */
     errSecInvalidCRLType                     = -67829,    /* The CRL type was not valid. */
     errSecInvalidCRL                         = -67830,    /* The CRL was not valid. */
@@ -655,7 +653,8 @@
     errSecUnsupportedService                 = -67849,    /* The service is not supported. */
     errSecInvalidTupleGroup                  = -67850,    /* The tuple group was not valid. */
     errSecInvalidBaseACLs                    = -67851,    /* The base ACLs are not valid. */
-    errSecInvalidTupleCredendtials           = -67852,    /* The tuple credentials are not valid. */
+    errSecInvalidTupleCredentials            = -67852,    /* The tuple credentials are not valid. */
+    errSecInvalidTupleCredendtials API_DEPRECATED_WITH_REPLACEMENT("errSecInvalidTupleCredentials", macos(10.11, 12.0), ios(4, 15)) = errSecInvalidTupleCredentials,
     errSecInvalidEncoding                    = -67853,    /* The encoding was not valid. */
     errSecInvalidValidityPeriod              = -67854,    /* The validity period was not valid. */
     errSecInvalidRequestor                   = -67855,    /* The requestor was not valid. */
@@ -706,6 +705,7 @@
     errSecCertificateNameNotAllowed          = -67900,    /* The requested name is not allowed for this certificate. */
     errSecCertificateValidityPeriodTooLong   = -67901,    /* The validity period in the certificate exceeds the maximum allowed. */
     errSecCertificateIsCA                    = -67902,    /* The verified certificate is a CA rather than an end-entity */
+    errSecCertificateDuplicateExtension      = -67903,    /* The certificate contains multiple extensions with the same extension ID. */
 };
 
 
diff -ruN /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h
--- /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h	2021-03-16 08:44:53.000000000 -0400
+++ /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecKey.h	2021-06-02 11:07:22.000000000 -0400
@@ -150,7 +150,7 @@
     kSecKeyVerifyRecover =    24,
     kSecKeyWrap =             25,
     kSecKeyUnwrap =           26
-};
+} API_DEPRECATED("No longer supported", macos(10.3, 12.0));
 
     /*!
     @enum SecCredentialType
@@ -164,7 +164,7 @@
 	kSecCredentialTypeDefault = 0,
 	kSecCredentialTypeWithUI,
 	kSecCredentialTypeNoUI
-};
+} API_DEPRECATED("No longer supported", macos(10.3, 12.0));
 #endif /* SEC_OS_OSX */
 
 /*!
@@ -216,7 +216,7 @@
      hash; standard ASN.1 padding will be done, as well as PKCS1 padding
      of the underlying RSA operation. */
     kSecPaddingPKCS1SHA512 = 0x8006, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0),
-};
+} API_DEPRECATED("Replaced with SecKeyAlgorithm", macos(10.6, 12.0), ios(2.0, 15.0), tvos(4.0, 15.0), watchos(1.0, 8.0));
 
 #if SEC_OS_OSX
 /*!
@@ -244,7 +244,7 @@
     // RSA keysizes must be multiples of 8
     kSecRSAMin          = 1024,
     kSecRSAMax          = 4096
-};
+} API_DEPRECATED("No longer supported", macos(10.9, 12.0));
 #endif /* SEC_OS_OSX */
 
 /*!
@@ -259,9 +259,9 @@
 	 containing attributes specific for the public key to be generated.
 */
 extern const CFStringRef kSecPrivateKeyAttrs
-    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_2_0);
+API_AVAILABLE(macos(10.8), ios(2.0), tvos(4.0), watchos(1.0));
 extern const CFStringRef kSecPublicKeyAttrs
-    __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_2_0);
+API_AVAILABLE(macos(10.8), ios(2.0), tvos(4.0), watchos(1.0));
 
 /*!
 	@function SecKeyGetTypeID
@@ -269,7 +269,7 @@
 	@result The CFTypeID of SecKey instances.
 */
 CFTypeID SecKeyGetTypeID(void)
-	__OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0);
+API_AVAILABLE(macos(10.3), ios(2.0), tvos(4.0), watchos(1.0));
 
 
 #if SEC_OS_OSX
@@ -338,7 +338,7 @@
     @discussion  The CSSM_KEY is valid until the key item reference is released. This API is deprecated in 10.7. Its use should no longer be needed.
 */
 OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY * _Nullable * __nonnull cssmKey)
-	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;;
+	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
 
 /*!
     @function SecKeyGetCSPHandle
@@ -411,7 +411,7 @@
 */
 _Nullable CF_RETURNS_RETAINED
 SecKeyRef SecKeyGenerateSymmetric(CFDictionaryRef parameters, CFErrorRef *error)
-	__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+API_DEPRECATED("No longer supported", macos(10.7, 12.0));
 
 /*!
  @function SecKeyCreateFromData
@@ -440,7 +440,7 @@
 _Nullable
 SecKeyRef SecKeyCreateFromData(CFDictionaryRef parameters,
 	CFDataRef keyData, CFErrorRef *error)
-	__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+API_DEPRECATED("No longer supported", macos(10.7, 12.0));
 
 
 #ifdef __BLOCKS__
@@ -491,7 +491,7 @@
 */
 void SecKeyGeneratePairAsync(CFDictionaryRef parameters,
     dispatch_queue_t deliveryQueue, SecKeyGeneratePairBlock result)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+API_DEPRECATED("No longer supported", macos(10.7, 12.0));
 
 #endif /* __BLOCKS__ */
 
@@ -529,7 +529,7 @@
 _Nullable CF_RETURNS_RETAINED
 SecKeyRef SecKeyDeriveFromPassword(CFStringRef password,
     CFDictionaryRef parameters, CFErrorRef *error)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+API_DEPRECATED("No longer supported", macos(10.7, 12.0));
 
 /*!
  @function SecKeyWrapSymmetric
@@ -550,7 +550,7 @@
 _Nullable
 CFDataRef SecKeyWrapSymmetric(SecKeyRef keyToWrap,
     SecKeyRef wrappingKey, CFDictionaryRef parameters, CFErrorRef *error)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+API_DEPRECATED("No longer supported", macos(10.7, 12.0));
 
 /*!
  @function SecKeyUnwrapSymmetric
@@ -571,7 +571,7 @@
 _Nullable
 SecKeyRef SecKeyUnwrapSymmetric(CFDataRef _Nullable * __nonnull keyToUnwrap,
     SecKeyRef unwrappingKey, CFDictionaryRef parameters, CFErrorRef *error)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
+API_DEPRECATED("No longer supported", macos(10.7, 12.0));
 
 #endif /* SEC_OS_OSX */
 
@@ -627,7 +627,7 @@
 */
 OSStatus SecKeyGeneratePair(CFDictionaryRef parameters,
     SecKeyRef * _Nullable CF_RETURNS_RETAINED publicKey, SecKeyRef * _Nullable CF_RETURNS_RETAINED privateKey)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+API_DEPRECATED("Use SecKeyCreateRandomKey", macos(10.7, 12.0), ios(2.0, 15.0), tvos(4.0, 15.0), watchos(1.0, 8.0));
 
 
 #if SEC_OS_IPHONE
@@ -666,7 +666,7 @@
                        size_t              dataToSignLen,
                        uint8_t             *sig,
                        size_t              *sigLen)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+API_DEPRECATED("Use SecKeyCreateSignature", ios(2.0, 15.0), tvos(4.0, 15.0), watchos(1.0, 8.0));
 
 
 /*!
@@ -696,7 +696,7 @@
                          size_t              signedDataLen,
                          const uint8_t       *sig,
                          size_t              sigLen)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+API_DEPRECATED("Use SecKeyVerifySignature", ios(2.0, 15.0), tvos(4.0, 15.0), watchos(1.0, 8.0));
 
 
 /*!
@@ -730,7 +730,7 @@
                        size_t              plainTextLen,
                        uint8_t             *cipherText,
                        size_t              *cipherTextLen)
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+API_DEPRECATED("Use SecKeyCreateEncryptedData", ios(2.0, 15.0), tvos(4.0, 15.0), watchos(1.0, 8.0));
 
 
 /*!
@@ -761,7 +761,7 @@
                        size_t              cipherTextLen,		/* length of cipherText */
                        uint8_t             *plainText,	
                        size_t              *plainTextLen)		/* IN/OUT */
-__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+API_DEPRECATED("Use SecKeyCreateDecryptedData", ios(2.0, 15.0), tvos(4.0, 15.0), watchos(1.0, 8.0));
 
 #endif // SEC_OS_IPHONE
 
@@ -806,7 +806,7 @@
  * kSecAttrCanUnwrap default true for private keys, false for public keys
  */
 SecKeyRef _Nullable SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCreateWithData
@@ -826,7 +826,7 @@
      * kSecAttrKeyTypeECSECPrimeRandom  ANSI X9.63 format (04 || X || Y [ || K])
  */
 SecKeyRef _Nullable SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyGetBlockSize
@@ -837,7 +837,7 @@
     this function is the size of the modulus.
  */
 size_t SecKeyGetBlockSize(SecKeyRef key)
-    __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
+API_AVAILABLE(macos(10.6), ios(2.0), tvos(4.0), watchos(1.0));
 
 /*!
     @function SecKeyCopyExternalRepresentation
@@ -852,7 +852,7 @@
      * kSecAttrKeyTypeECSECPrimeRandom  ANSI X9.63 format (04 || X || Y [ || K])
  */
 CFDataRef _Nullable SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCopyAttributes
@@ -874,7 +874,7 @@
     The set of values is not fixed. Future versions may return more values in this dictionary.
  */
 CFDictionaryRef _Nullable SecKeyCopyAttributes(SecKeyRef key)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCopyPublicKey
@@ -884,7 +884,7 @@
     @discussion Fails if key does not contain a public key or no public key can be computed from it.
  */
 SecKeyRef _Nullable SecKeyCopyPublicKey(SecKeyRef key)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @enum SecKeyAlgorithm
@@ -1249,176 +1249,176 @@
   */
 
 typedef CFStringRef SecKeyAlgorithm CF_STRING_ENUM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA1
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA224
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA256
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA384
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPSSSHA512
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA1
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA224
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA256
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA384
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePSSSHA512
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA224AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA384AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA512AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA224AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA256AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA384AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorVariableIVX963SHA512AESGCM
-__OSX_AVAILABLE(10.13) __IOS_AVAILABLE(11.0) __TVOS_AVAILABLE(11.0) __WATCHOS_AVAILABLE(4.0);
+API_AVAILABLE(macos(10.13), ios(11.0), tvos(11.0), watchos(4.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCreateSignature
@@ -1433,7 +1433,7 @@
     further defines the exact format of input data, operation to be performed and output signature.
  */
 CFDataRef _Nullable SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyVerifySignature
@@ -1449,7 +1449,7 @@
     further defines the exact format of input data, signature and operation to be performed.
  */
 Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCreateEncryptedData
@@ -1466,7 +1466,7 @@
  */
 CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext,
                                                CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCreateDecryptedData
@@ -1483,7 +1483,7 @@
  */
 CFDataRef _Nullable SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext,
                                                CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @enum SecKeyKeyExchangeParameter SecKey Key Exchange parameters
@@ -1492,11 +1492,11 @@
     for KDF (key derivation function).
  */
 typedef CFStringRef SecKeyKeyExchangeParameter CF_STRING_ENUM
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyCopyKeyExchangeResult
@@ -1510,7 +1510,7 @@
     @result Result of key exchange operation as a CFDataRef, or NULL on failure.
  */
 CFDataRef _Nullable SecKeyCopyKeyExchangeResult(SecKeyRef privateKey, SecKeyAlgorithm algorithm, SecKeyRef publicKey, CFDictionaryRef parameters, CFErrorRef *error)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @enum SecKeyOperationType
@@ -1537,7 +1537,7 @@
     kSecKeyOperationTypeEncrypt     = 2,
     kSecKeyOperationTypeDecrypt     = 3,
     kSecKeyOperationTypeKeyExchange = 4,
-} __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+} API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 /*!
     @function SecKeyIsAlgorithmSupported
@@ -1548,7 +1548,7 @@
     @return True if key supports specified algorithm for specified operation, False otherwise.
  */
 Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm)
-__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0);
+API_AVAILABLE(macos(10.12), ios(10.0), tvos(10.0), watchos(3.0));
 
 CF_IMPLICIT_BRIDGING_DISABLED
 CF_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecProtocolOptions.h /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecProtocolOptions.h
--- /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecProtocolOptions.h	2021-03-16 13:56:41.000000000 -0400
+++ /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecProtocolOptions.h	2021-06-02 12:44:23.000000000 -0400
@@ -292,6 +292,19 @@
 sec_protocol_options_get_enable_encrypted_client_hello(sec_protocol_options_t options);
 
 /*!
+ * @function sec_protocol_options_get_quic_use_legacy_codepoint
+ *
+ * @abstract
+ *      Check whether the QUIC legacy codepoint has been enabled.
+ *
+ * @return A boolean that indicates whether or not the QUIC legacy codepoint has been
+ *         enabled.
+ */
+API_UNAVAILABLE(macos, ios, watchos, tvos)
+bool
+sec_protocol_options_get_quic_use_legacy_codepoint(sec_protocol_options_t options);
+
+/*!
  * @function sec_protocol_options_add_tls_application_protocol
  *
  * @abstract
@@ -586,8 +599,7 @@
  *
  * @abstract
  *      For experimental use only. When this is enabled, the Encrypted Client Hello extension will be sent on the Client
- *      Hello if TLS 1.3 is among the supported TLS versions. Default false for clients; always false for servers (servers
- *      ignore this option).
+ *      Hello if TLS 1.3 is among the supported TLS versions. Default false.
  *
  * @param options
  *      A `sec_protocol_options_t` instance.
@@ -599,6 +611,22 @@
 void
 sec_protocol_options_set_enable_encrypted_client_hello(sec_protocol_options_t options, bool enable_encrypted_client_hello);
 
+/*!
+ * @function sec_protocol_options_set_quic_use_legacy_codepoint
+ *
+ * @abstract
+ *      Set QUIC to use the legacy codepoint. Defaults to true.
+ *
+ * @param options
+ *      A `sec_protocol_options_t` instance.
+ *
+ * @param quic_use_legacy_codepoint
+ *      A boolean to enable/disable the legacy codepoint.
+ */
+API_UNAVAILABLE(macos, ios, watchos, tvos)
+void
+sec_protocol_options_set_quic_use_legacy_codepoint(sec_protocol_options_t options, bool quic_use_legacy_codepoint);
+
 #ifdef __BLOCKS__
 
 /*!
diff -ruN /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h
--- /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h	2021-03-16 13:56:41.000000000 -0400
+++ /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrust.h	2021-06-02 05:38:08.000000000 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002-2016 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2002-2021 Apple Inc. All Rights Reserved.
  *
  * @APPLE_LICENSE_HEADER_START@
  *
@@ -152,7 +152,13 @@
         if this chain is CT qualified.
     @constant kSecTrustCertificateTransparencyWhiteList
         This key will be present and have a value of kCFBooleanTrue
-        if this chain is EV, not CT qualified, but included of the CT WhiteList.
+        if this chain is EV, but not CT qualified, and is permitted
+        as an exception to CT policy requirements.
+        Note: in macOS 10.12 and iOS 10, previously-issued EV certificates
+        were considered exempt from the CT requirement. As those certificates
+        expired, exempting them was no longer needed. This key is deprecated
+        in macOS 10.13 and iOS 11, and is no longer returned in the trust
+        results dictionary as of those releases.
  */
 extern const CFStringRef kSecTrustEvaluationDate
     __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
@@ -503,10 +509,14 @@
     The leaf cert (index 0) is always present regardless of whether the trust
     reference has been evaluated or not.
     @result A SecCertificateRef for the requested certificate.
+    @discussion This API is fundamentally not thread-safe -- other threads using the same
+    trust object may trigger trust evaluations that release the returned certificate or change the
+    certificate chain as a thread is iterating through the certificate chain. The replacement function
+    SecTrustCopyCertificateChain provides thread-safe results.
  */
 __nullable
 SecCertificateRef SecTrustGetCertificateAtIndex(SecTrustRef trust, CFIndex ix)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+    API_DEPRECATED_WITH_REPLACEMENT("SecTrustCopyCertificateChain", macos(10.7, 12.0), ios(2.0, 15.0), watchos(1.0, 8.0), tvos(9.0, 15.0));
 
 /*!
     @function SecTrustCopyExceptions
@@ -561,14 +571,17 @@
     evaluated, the returned property array will be empty.
     @result A property array. It is the caller's responsibility to CFRelease
     the returned array when it is no longer needed.
-    @discussion This function returns an ordered array of CFDictionaryRef
+    @discussion On macOS, this function returns an ordered array of CFDictionaryRef
     instances for each certificate in the chain. Indices run from 0 (leaf) to
-    the anchor (or last certificate found if no anchor was found.) See the
-    "Trust Property Constants" section for a list of currently defined keys.
+    the anchor (or last certificate found if no anchor was found.)
+    On other platforms, this function returns an unordered array of CFDictionary instances.
+    See the "Trust Property Constants" section for a list of currently defined keys.
+    The error information conveyed via this interface is also conveyed via the
+    returned error of SecTrustEvaluateWithError.
  */
 __nullable
 CFArrayRef SecTrustCopyProperties(SecTrustRef trust)
-    __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
+    API_DEPRECATED_WITH_REPLACEMENT("SecTrustEvaluateWithError", macos(10.7, 12.0), ios(2.0, 15.0), watchos(1.0, 8.0), tvos(9.0, 15.0)) API_UNAVAILABLE(macCatalyst);
 
 /*!
     @function SecTrustCopyResult
@@ -614,6 +627,16 @@
 OSStatus SecTrustSetSignedCertificateTimestamps(SecTrustRef trust, CFArrayRef __nullable sctArray)
     API_AVAILABLE(macos(10.14.2), ios(12.1.1), tvos(12.1.1), watchos(5.1.1));
 
+/*!
+    @function SecTrustCopyCertificateChain
+    @abstract Returns the certificate trust chain
+    @param trust Reference to a trust object.
+    @result A CFArray of the SecCertificateRefs for the resulting certificate chain
+ */
+_Nullable CF_RETURNS_RETAINED
+CFArrayRef SecTrustCopyCertificateChain(SecTrustRef trust)
+    API_AVAILABLE(macos(12.0), ios(15.0), tvos(15.0), watchos(8.0));
+
 CF_IMPLICIT_BRIDGING_DISABLED
 CF_ASSUME_NONNULL_END
 
diff -ruN /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecureTransport.h /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecureTransport.h
--- /Applications/Xcode_12.5.0.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecureTransport.h	2021-03-16 13:56:41.000000000 -0400
+++ /Applications/Xcode_13.0.0-beta.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/Security.framework/Headers/SecureTransport.h	2021-06-02 11:07:24.000000000 -0400
@@ -1223,8 +1223,8 @@
  * @note This function is not available on iOS, and should be considered
  *    deprecated on Mac OS X. To get peer certificates, call SSLCopyPeerTrust
  *    to obtain the SecTrustRef for the peer certificate chain, then use the
- *    SecTrustGetCertificateCount and SecTrustGetCertificateAtIndex functions
- *    to retrieve individual certificates in the chain (see SecTrust.h).
+ *    SecTrustCopyCertificateChain to retrieve individual certificates in
+ *    the chain (see SecTrust.h).
  * @param context A valid SSLContextRef.
  * @param certs Pointer to CFArrayRef that will store a reference to the peer's certificates.
  * @result errSecSuccess on success, alternative error on failure.
Clone this wiki locally