fix(IoT): Using SecKeyCreateSignature instead (#5442)

aws-amplify · Sep 25, 2024 · 465f360 · 465f360
1 parent e5341ca
commit 465f360
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 13 deletions.
diff --git a/AWSIoT/Internal/AWSIoTCSR.m b/AWSIoT/Internal/AWSIoTCSR.m
@@ -74,20 +74,15 @@ - (NSData*)generateCSRForCertificate:(NSString*)certificateId {
     }
 
     NSMutableData * certRequestData = [self createCertificateRequestData];
-
-    CC_SHA256_CTX SHA256Struct;
-    CC_SHA256_Init(&SHA256Struct);
-    CC_SHA256_Update(&SHA256Struct, [certRequestData mutableBytes], (unsigned int)[certRequestData length]);
-    unsigned char SHA256Digest[CC_SHA256_DIGEST_LENGTH];
-    CC_SHA256_Final(SHA256Digest, &SHA256Struct);
-
-    unsigned char sig[256];
-    size_t sigLen = sizeof(sig);
-    OSStatus sanityCheck = SecKeyRawSign(privateKeyRef, kSecPaddingPKCS1SHA256, SHA256Digest, sizeof(SHA256Digest), sig, &sigLen);
-    if (sanityCheck != noErr) {
+    NSData *signature = CFBridgingRelease(SecKeyCreateSignature(privateKeyRef, kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256, (CFDataRef)certRequestData, nil));
+    if (signature == nil) {
         return nil;
     }
-
+
+    unsigned char sig[256];
+    size_t sigLen = sizeof(sig);
+    [signature getBytes:&sig length:sigLen];
+
     NSMutableData * scr = [[NSMutableData alloc] initWithData:certRequestData];
 
     // DER encoded value of digest algorithm sha256WithRSAEncryption

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,10 @@
 
 ## Unreleased
 
--Features for next release
+### Bug Fixes
+
+- **AWSIoT** 
+  - Replacing deprecated `SecKeyRawSign` with `SecKeyCreateSignature` (#5442)
 
 ## 2.37.1