Security-57337.60.2.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / SecImportExportCrypto.cpp
index 71a4b3158a520697da754c1f1a89d57eea14b737..1f89f4cef3d9b486b5ca8761b479395721dc8f1c 100644 (file)
@@ -41,6 +41,7 @@
 #include <security_cdsa_client/securestorage.h>
 #include <security_cdsa_client/dlclient.h>
 #include <Security/cssmapi.h>
 #include <security_cdsa_client/securestorage.h>
 #include <security_cdsa_client/dlclient.h>
 #include <Security/cssmapi.h>
+#include <security_keychain/KeyItem.h>
 
 /*
  * Key attrribute names and values.
 
 /*
  * Key attrribute names and values.
@@ -562,8 +563,14 @@ OSStatus impExpImportKeyCommon(
                        KeychainCore::Access::required(accessRef) :
                        new KeychainCore::Access("Imported Private Key"));
                try {
                        KeychainCore::Access::required(accessRef) :
                        new KeychainCore::Access("Imported Private Key"));
                try {
-                       CssmClient::KeyAclBearer bearer(cspHand, unwrappedKey, Allocator::standard());
-                       theAccess->setAccess(bearer, maker);
+            if(secKeyRef != NULL) {
+                // setAccess using the new secKeyRef, not the old unwrappedKey.
+                // At this point, we might have duplicate keys registered with securityd. Use the newest one.
+                theAccess->setAccess(*KeyItem::required(secKeyRef)->key(), maker);
+            } else {
+                CssmClient::KeyAclBearer bearer(cspHand, unwrappedKey, Allocator::standard());
+                theAccess->setAccess(bearer, maker);
+            }
                }
                catch (const CssmError &e) {
                        /* not implemented means we're talking to the raw CSP which does
                }
                catch (const CssmError &e) {
                        /* not implemented means we're talking to the raw CSP which does
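Review bot: In the new `secKeyRef != NULL` branch the ACL is set only on the key behind `secKeyRef`, while the added comment itself says a duplicate (`unwrappedKey`) may still be registered with securityd; nothing in the hunk shows what ACL that older handle ends up with or when it is freed. If it can outlive this function without `theAccess` applied, the imported private key could stay reachable through a handle that lacks the intended access control, so I would confirm the cleanup path and, once confirmed, record it in the comment, e.g. `// unwrappedKey never receives this ACL; it is freed before return and not handed to the caller`. Separately, `KeyItem::required(secKeyRef)->key()` now runs inside the `try`, and the only handler visible here is `catch (const CssmError &e)`; if that call can throw another exception type it would bypass the "not implemented" handling, which is worth checking against the rest of the handler chain. The body of `impExpImportKeyCommon` starts and ends outside this hunk, so both points are inferred from the visible lines only.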