Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1383)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/sslplatf.c

Issue 4670004: Change NSS's native auth patch to use PCERT_KEY_CONTEXT instead of HCRYPTPROV on Win (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/sslplatf.c
diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c
index 3b2ffb48ccf6453cc5737f7c142b301957547de7..213feee8570b51e8ef618887342e218d8ea22398 100644
--- a/net/third_party/nss/ssl/sslplatf.c
+++ b/net/third_party/nss/ssl/sslplatf.c
@@ -101,7 +101,12 @@ loser:
void
ssl_FreePlatformKey(PlatformKey key)
{
- CryptReleaseContext(key, 0);
+ if (key) {
+ if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC)
+ CryptReleaseContext(key->hCryptProv, 0);
+ /* FIXME(rsleevi): Close CNG keys. */
+ PORT_Free(key);
+ }
}
void
@@ -148,28 +153,32 @@ ssl_GetPlatformAuthInfoForKey(PlatformKey key,
{
DWORD bytesNeeded = 0;
ssl_InitPlatformAuthInfo(info);
+ if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC)
+ goto error;
+
bytesNeeded = sizeof(info->provType);
- if (!CryptGetProvParam(key, PP_PROVTYPE, (BYTE*)&info->provType,
- &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_PROVTYPE,
+ (BYTE*)&info->provType, &bytesNeeded, 0))
goto error;
bytesNeeded = 0;
- if (!CryptGetProvParam(key, PP_CONTAINER, NULL, &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, NULL, &bytesNeeded,
+ 0))
goto error;
info->container = (char*)PORT_Alloc(bytesNeeded);
if (info->container == NULL)
goto error;
- if (!CryptGetProvParam(key, PP_CONTAINER, (BYTE*)info->container,
- &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER,
+ (BYTE*)info->container, &bytesNeeded, 0))
goto error;
bytesNeeded = 0;
- if (!CryptGetProvParam(key, PP_NAME, NULL, &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_NAME, NULL, &bytesNeeded, 0))
goto error;
info->provider = (char*)PORT_Alloc(bytesNeeded);
if (info->provider == NULL)
goto error;
- if (!CryptGetProvParam(key, PP_NAME, (BYTE*)info->provider,
+ if (!CryptGetProvParam(key->hCryptProv, PP_NAME, (BYTE*)info->provider,
&bytesNeeded, 0))
goto error;
@@ -188,10 +197,6 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
SECStatus rv = SECFailure;
PRBool doDerEncode = PR_FALSE;
SECItem hashItem;
- /* TODO(rsleevi): Should AT_SIGNATURE also be checked if doing client
- * auth?
- */
- DWORD keySpec = AT_KEYEXCHANGE;
HCRYPTKEY hKey = 0;
DWORD argLen = 0;
ALG_ID keyAlg = 0;
@@ -202,7 +207,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
unsigned int i = 0;
buf->data = NULL;
- if (!CryptGetUserKey(key, keySpec, &hKey)) {
+ if (!CryptGetUserKey(key->hCryptProv, key->dwKeySpec, &hKey)) {
if (GetLastError() == NTE_NO_KEY) {
PORT_SetError(SEC_ERROR_NO_KEY);
} else {
@@ -225,7 +230,6 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
hashItem.len = sizeof(SSL3Hashes);
break;
case CALG_DSS_SIGN:
- /* TODO: Support CALG_ECDSA once tested */
case CALG_ECDSA:
if (keyAlg == CALG_ECDSA) {
doDerEncode = PR_TRUE;
@@ -242,7 +246,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
}
PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
- if (!CryptCreateHash(key, hashAlg, 0, 0, &hHash)) {
+ if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
}
@@ -259,7 +263,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
}
- if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
+ if (!CryptSignHash(hHash, key->dwKeySpec, NULL, CRYPT_NOHASHOID,
NULL, &signatureLen) || signatureLen == 0) {
PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
@@ -268,7 +272,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
if (!buf->data)
goto done; /* error code was set. */
- if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
+ if (!CryptSignHash(hHash, key->dwKeySpec, NULL, CRYPT_NOHASHOID,
(BYTE*)buf->data, &signatureLen)) {
PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698