X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp b/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp
index 988943b2..07185bc2 100644
--- a/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp
+++ b/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp
@@ -31,13 +31,13 @@
 #include "AppleCSPUtils.h"
 #include "AppleCSPKeys.h"
 #include "RSA_DSA_keys.h"
+#include "SecRandom.h"
 #include "opensshCoding.h"
 #include "cspdebugging.h"
 #include <CommonCrypto/CommonDigest.h>
 #include <CommonCrypto/CommonCryptor.h>
 #include <openssl/rsa_legacy.h>
 #include <openssl/bn_legacy.h>
-#include <security_utilities/devrandom.h>
 #include <utilities/SecCFRelease.h>
 
 static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n";
@@ -376,8 +376,7 @@ CSSM_RETURN encodeOpenSSHv1PrivKey(
 	
 	/* [0..3] check bytes */
 	UInt8 checkBytes[4];
-	DevRandomGenerator rng = DevRandomGenerator();
-	rng.random(checkBytes, 2);
+    MacOSError::check(SecRandomCopyBytes(kSecRandomDefault, 2, checkBytes)) ;
 	checkBytes[2] = checkBytes[0];
 	checkBytes[3] = checkBytes[1];
 	CFDataAppendBytes(ptext, checkBytes, 4);
@@ -402,7 +401,12 @@ CSSM_RETURN encodeOpenSSHv1PrivKey(
 	
 	/* encrypt it */
 	ptextLen = CFDataGetLength(ptext);
-	unsigned char ctext[ptextLen];
+	unsigned char *ctext = (unsigned char*)malloc(ptextLen);
+	if(ctext == NULL) {
+		ourRtn = CSSMERR_CSSM_MEMORY_ERROR;
+		goto errOut;
+	}
+
 	unsigned ctextLen;
 	ourRtn = ssh1DES3Crypt(cipherSpec, true, 
 		(unsigned char *)CFDataGetBytePtr(ptext), (unsigned)ptextLen,
@@ -420,6 +424,7 @@ errOut:
     CFReleaseNull(cfOut);
 cleanup:
 	/* it would be proper to zero out ptext here, but we can't do that to a CFData */
+	free(ctext);
 	CFRelease(ptext);
 	return ourRtn;
 }