X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..0d4552ce43ff8bf2e8666a9c5c44c3590eb117a8:/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp?ds=inline
diff --git a/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp b/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp
index 71a4b315..dbdd5875 100644
--- a/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp
+++ b/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp
@@ -25,22 +25,22 @@ * keys. */
-#include "SecImportExport.h"
+#include
 #include "SecImportExportCrypto.h"
 #include "SecImportExportUtils.h"
 #include "Keychains.h"
 #include "Access.h"
 #include "Item.h"
-#include "SecKeyPriv.h"
+#include
 #include "KCEventNotifier.h"
 #include
 #include
 #include
 #include
-#include
 #include
 #include
 #include
+#include
 /* * Key attrribute names and values.
@@ -394,9 +394,8 @@ OSStatus impExpImportKeyCommon( char *randAscii = (char *)randLabel;
 uint8 randBinary[SEC_RANDOM_LABEL_LEN / 2];
 unsigned randBinaryLen = SEC_RANDOM_LABEL_LEN / 2;
- DevRandomGenerator rng;
-
- rng.random(randBinary, randBinaryLen);
+ MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, randBinaryLen, randBinary));
+ for(unsigned i=0; isetAccess(bearer, maker);
+ if(secKeyRef != NULL) {
+ // setAccess using the new secKeyRef, not the old unwrappedKey.
+ // At this point, we might have duplicate keys registered with securityd. Use the newest one.
+ theAccess->setAccess(*KeyItem::required(secKeyRef)->key(), maker);
+ } else {
+ CssmClient::KeyAclBearer bearer(cspHand, unwrappedKey, Allocator::standard());
+ theAccess->setAccess(bearer, maker);
+ }
 } catch (const CssmError &e) { /* not implemented means we're talking to the raw CSP which does