#include <Security/SecKey.h>
static void encodePrivateKeyHeader(const CssmData &inBlob, CFDataRef certificate, FVPrivateKeyHeader &outHeader);
-static CFDataRef decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
+static CFDataRef CF_RETURNS_RETAINED decodePrivateKeyHeader(SecKeychainRef keychainName, const FVPrivateKeyHeader &inHeader);
static void throwIfError(CSSM_RETURN rv);
#pragma mark ----- Public SPI -----
passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
CssmData *cssmData = reinterpret_cast<CssmData *>(outData);
- assert(cssmData->Length <= sizeof(outHeader.publicKeyHash));
outHeader.publicKeyHashSize = (uint32_t)cssmData->Length;
- memcpy(outHeader.publicKeyHash, cssmData->Data, cssmData->Length);
+ if (outHeader.publicKeyHashSize > sizeof(outHeader.publicKeyHash)) {
+ secinfo("FDERecovery", "encodePrivateKeyHeader: publicKeyHash too big: %d", outHeader.publicKeyHashSize);
+ outHeader.publicKeyHashSize = 0; /* failed to copy hash value */
+ } else {
+ memcpy(outHeader.publicKeyHash, cssmData->Data, outHeader.publicKeyHashSize);
+ }
fCSP.allocator().free(cssmData->Data);
fCSP.allocator().free(cssmData);
CSSM_CC_HANDLE cc = 0;
SecKeychainSearchRef _searchRef;
- throwIfError(SecKeychainSearchCreateFromAttributes(keychain, CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef));
+ throwIfError(SecKeychainSearchCreateFromAttributes(keychain, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef));
CFRef<SecKeychainSearchRef> searchRef(_searchRef);
SecKeychainItemRef _item;
projects / apple / security.git / blobdiff