Private API for extensions like ssh-client that need access to TCP.

base/crypto/symmetric_key_mac.cc

Index: base/crypto/symmetric_key_mac.cc
diff --git a/base/crypto/symmetric_key_mac.cc b/base/crypto/symmetric_key_mac.cc
index 574f9d28e28b23aed3f0ea20ed5b8f4a059910d9..5c62257c232252b0ebce9e0ff9bbceffcde34d41 100644
--- a/base/crypto/symmetric_key_mac.cc
+++ b/base/crypto/symmetric_key_mac.cc
@@ -1,9 +1,11 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/crypto/symmetric_key.h"
 
+#include <vector>
+
 #include <CommonCrypto/CommonCryptor.h>
 #include <CoreFoundation/CFString.h>
 #include <Security/cssm.h>
@@ -32,27 +34,6 @@ CSSM_KEY_TYPE CheckKeyParams(base::SymmetricKey::Algorithm algorithm,
   }
 }
 
-void* CreateRandomBytes(size_t size) {
-  CSSM_RETURN err;
-  CSSM_CC_HANDLE ctx;
-  err = CSSM_CSP_CreateRandomGenContext(base::GetSharedCSPHandle(),
-                                        CSSM_ALGID_APPLE_YARROW,
-                                        NULL,
-                                        size, &ctx);
-  if (err) {
-    base::LogCSSMError("CSSM_CSP_CreateRandomGenContext", err);
-    return NULL;
-  }
-  CSSM_DATA random_data = {};
-  err = CSSM_GenerateRandom(ctx, &random_data);
-  if (err) {
-    base::LogCSSMError("CSSM_GenerateRandom", err);
-    random_data.Data = NULL;
-  }
-  CSSM_DeleteContext(ctx);
-  return random_data.Data;  // Caller responsible for freeing this
-}
-
 inline CSSM_DATA StringToData(const std::string& str) {
   CSSM_DATA data = {
     str.size(),
@@ -65,17 +46,47 @@ inline CSSM_DATA StringToData(const std::string& str) {
 
 namespace base {
 
-SymmetricKey::~SymmetricKey() {}
+SymmetricKey::~SymmetricKey() {
+  std::fill(key_.begin(), key_.end(), 0);
+}
+
+// static
+bool SymmetricKey::GenerateRandomBytes(size_t num_bytes, uint8* out) {
+  if (num_bytes == 0)
+    return true;
+  if (out == NULL)
+    return false;
+
+  CSSM_RETURN err;
+  CSSM_CC_HANDLE ctx;
+  err = CSSM_CSP_CreateRandomGenContext(base::GetSharedCSPHandle(),
+                                        CSSM_ALGID_APPLE_YARROW,
+                                        NULL,
+                                        num_bytes, &ctx);
+  if (err) {
+    base::LogCSSMError("CSSM_CSP_CreateRandomGenContext", err);
+    return false;
+  }
+  CSSM_DATA random_data = { num_bytes, out };
+  err = CSSM_GenerateRandom(ctx, &random_data);
+  CSSM_DeleteContext(ctx);
+  if (err != CSSM_OK) {
+    base::LogCSSMError("CSSM_GenerateRandom", err);
+    return false;
+  }
+  DCHECK(random_data.Data == out);
+  return true;
+}
 
 // static
 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
                                               size_t key_size_in_bits) {
   CheckKeyParams(algorithm, key_size_in_bits);
-  void* random_bytes = CreateRandomBytes((key_size_in_bits + 7) / 8);
-  if (!random_bytes)
+  std::vector<uint8> random_bytes((key_size_in_bits + 7) / 8);
+  if (!GenerateRandomBytes(random_bytes.size(), &random_bytes[0]))
     return NULL;
-  SymmetricKey *key = new SymmetricKey(random_bytes, key_size_in_bits);
-  free(random_bytes);
+  SymmetricKey* key = new SymmetricKey(&random_bytes[0], key_size_in_bits);
+  std::fill(random_bytes.begin(), random_bytes.end(), 0u);
   return key;
 }
 
@@ -139,9 +150,9 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
   return new SymmetricKey(raw_key.data(), raw_key.size() * 8);
 }
 
-SymmetricKey::SymmetricKey(const void *key_data, size_t key_size_in_bits)
-  : key_(reinterpret_cast<const char*>(key_data),
-         key_size_in_bits / 8) {}
+SymmetricKey::SymmetricKey(const void* key_data, size_t key_size_in_bits)
+    : key_(static_cast<const char*>(key_data), key_size_in_bits / 8) {
+}
 
 bool SymmetricKey::GetRawKey(std::string* raw_key) {
   *raw_key = key_;