From 465f360debb32bdf7cb24ce415c60e4f0fe2b7bb Mon Sep 17 00:00:00 2001 From: Sebastian Villena <97059974+ruisebas@users.noreply.github.com> Date: Wed, 25 Sep 2024 15:09:13 -0400 Subject: [PATCH] fix(IoT): Using SecKeyCreateSignature instead (#5442) --- AWSIoT/Internal/AWSIoTCSR.m | 19 +++++++------------ CHANGELOG.md | 5 ++++- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/AWSIoT/Internal/AWSIoTCSR.m b/AWSIoT/Internal/AWSIoTCSR.m index e5ee34582bd..815047bc816 100644 --- a/AWSIoT/Internal/AWSIoTCSR.m +++ b/AWSIoT/Internal/AWSIoTCSR.m @@ -74,20 +74,15 @@ - (NSData*)generateCSRForCertificate:(NSString*)certificateId { } NSMutableData * certRequestData = [self createCertificateRequestData]; - - CC_SHA256_CTX SHA256Struct; - CC_SHA256_Init(&SHA256Struct); - CC_SHA256_Update(&SHA256Struct, [certRequestData mutableBytes], (unsigned int)[certRequestData length]); - unsigned char SHA256Digest[CC_SHA256_DIGEST_LENGTH]; - CC_SHA256_Final(SHA256Digest, &SHA256Struct); - - unsigned char sig[256]; - size_t sigLen = sizeof(sig); - OSStatus sanityCheck = SecKeyRawSign(privateKeyRef, kSecPaddingPKCS1SHA256, SHA256Digest, sizeof(SHA256Digest), sig, &sigLen); - if (sanityCheck != noErr) { + NSData *signature = CFBridgingRelease(SecKeyCreateSignature(privateKeyRef, kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256, (CFDataRef)certRequestData, nil)); + if (signature == nil) { return nil; } - + + unsigned char sig[256]; + size_t sigLen = sizeof(sig); + [signature getBytes:&sig length:sigLen]; + NSMutableData * scr = [[NSMutableData alloc] initWithData:certRequestData]; // DER encoded value of digest algorithm sha256WithRSAEncryption diff --git a/CHANGELOG.md b/CHANGELOG.md index 088f970ec99..8ab5470a5c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,10 @@ ## Unreleased --Features for next release +### Bug Fixes + +- **AWSIoT** + - Replacing deprecated `SecKeyRawSign` with `SecKeyCreateSignature` (#5442) ## 2.37.1