#include "AppleCSPContext.h"
#include "AppleCSPUtils.h"
#include "AppleCSPKeys.h"
-#include "RSA_DSA_Keys.h"
+#include "RSA_DSA_keys.h"
+#include "SecRandom.h"
#include "opensshCoding.h"
#include "cspdebugging.h"
#include <CommonCrypto/CommonDigest.h>
#include <CommonCrypto/CommonCryptor.h>
#include <openssl/rsa_legacy.h>
#include <openssl/bn_legacy.h>
-#include <security_utilities/devrandom.h>
+#include <utilities/SecCFRelease.h>
static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n";
/* [0..3] check bytes */
UInt8 checkBytes[4];
- DevRandomGenerator rng = DevRandomGenerator();
- rng.random(checkBytes, 2);
+ MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, 2, checkBytes)) ;
checkBytes[2] = checkBytes[0];
checkBytes[3] = checkBytes[1];
CFDataAppendBytes(ptext, checkBytes, 4);
/* encrypt it */
ptextLen = CFDataGetLength(ptext);
- unsigned char ctext[ptextLen];
+ unsigned char *ctext = (unsigned char*)malloc(ptextLen);
+ if(ctext == NULL) {
+ ourRtn = CSSMERR_CSSM_MEMORY_ERROR;
+ goto errOut;
+ }
+
unsigned ctextLen;
ourRtn = ssh1DES3Crypt(cipherSpec, true,
(unsigned char *)CFDataGetBytePtr(ptext), (unsigned)ptextLen,
/* appended encrypted portion */
CFDataAppendBytes(cfOut, ctext, ctextLen);
*encodedKey = cfOut;
+ goto cleanup;
errOut:
+ CFReleaseNull(cfOut);
+cleanup:
/* it would be proper to zero out ptext here, but we can't do that to a CFData */
+ free(ctext);
CFRelease(ptext);
return ourRtn;
}
CFIndex len = CFDataGetLength(cfOut);
setUpData(WrappedKey.KeyData, len, normAllocator);
memmove(WrappedKey.KeyData.Data, CFDataGetBytePtr(cfOut), len);
- CFRelease(cfOut);
+ CFReleaseNull(cfOut);
/* outgoing header */
WrappedKey.KeyHeader.BlobType = CSSM_KEYBLOB_WRAPPED;
if(comment) {
setUpCssmData(DescriptiveData, commentLen, normAllocator);
memcpy(DescriptiveData.Data, comment, commentLen);
+ free(comment);
}
/*