Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Side by Side Diff: net/third_party/nss/ssl/sslplatf.c

Issue 6413010: Allow the SSL session cache on Win/Mac to be used even after a client cert key is removed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 /* 1 /*
2 * Platform specific crypto wrappers 2 * Platform specific crypto wrappers
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
102 ssl_FreePlatformKey(PlatformKey key) 102 ssl_FreePlatformKey(PlatformKey key)
103 { 103 {
104 if (key) { 104 if (key) {
105 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) 105 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC)
106 CryptReleaseContext(key->hCryptProv, 0); 106 CryptReleaseContext(key->hCryptProv, 0);
107 /* FIXME(rsleevi): Close CNG keys. */ 107 /* FIXME(rsleevi): Close CNG keys. */
108 PORT_Free(key); 108 PORT_Free(key);
109 } 109 }
110 } 110 }
111 111
112 void
113 ssl_FreePlatformAuthInfo(PlatformAuthInfo* info)
114 {
115 if (info->provider != NULL) {
116 PORT_Free(info->provider);
117 info->provider = NULL;
118 }
119 if (info->container != NULL) {
120 PORT_Free(info->container);
121 info->container = NULL;
122 }
123 info->provType = 0;
124 }
125
126 void
127 ssl_InitPlatformAuthInfo(PlatformAuthInfo* info)
128 {
129 info->provider = NULL;
130 info->container = NULL;
131 info->provType = 0;
132 }
133
134 PRBool
135 ssl_PlatformAuthTokenPresent(PlatformAuthInfo *info)
136 {
137 HCRYPTPROV prov = 0;
138
139 if (!info || !info->provider || !info->container)
140 return PR_FALSE;
141
142 if (!CryptAcquireContextA(&prov, info->container, info->provider,
143 info->provType, 0))
144 return PR_FALSE;
145
146 CryptReleaseContext(prov, 0);
147 return PR_TRUE;
148 }
149
150 void
151 ssl_GetPlatformAuthInfoForKey(PlatformKey key,
152 PlatformAuthInfo *info)
153 {
154 DWORD bytesNeeded = 0;
155 ssl_InitPlatformAuthInfo(info);
156 if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC)
157 goto error;
158
159 bytesNeeded = sizeof(info->provType);
160 if (!CryptGetProvParam(key->hCryptProv, PP_PROVTYPE,
161 (BYTE*)&info->provType, &bytesNeeded, 0))
162 goto error;
163
164 bytesNeeded = 0;
165 if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, NULL, &bytesNeeded,
166 0))
167 goto error;
168 info->container = (char*)PORT_Alloc(bytesNeeded);
169 if (info->container == NULL)
170 goto error;
171 if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER,
172 (BYTE*)info->container, &bytesNeeded, 0))
173 goto error;
174
175 bytesNeeded = 0;
176 if (!CryptGetProvParam(key->hCryptProv, PP_NAME, NULL, &bytesNeeded, 0))
177 goto error;
178 info->provider = (char*)PORT_Alloc(bytesNeeded);
179 if (info->provider == NULL)
180 goto error;
181 if (!CryptGetProvParam(key->hCryptProv, PP_NAME, (BYTE*)info->provider,
182 &bytesNeeded, 0))
183 goto error;
184
185 goto done;
186 error:
187 ssl_FreePlatformAuthInfo(info);
188
189 done:
190 return;
191 }
192
193 SECStatus 112 SECStatus
194 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 113 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
195 PRBool isTLS) 114 PRBool isTLS)
196 { 115 {
197 SECStatus rv = SECFailure; 116 SECStatus rv = SECFailure;
198 PRBool doDerEncode = PR_FALSE; 117 PRBool doDerEncode = PR_FALSE;
199 SECItem hashItem; 118 SECItem hashItem;
200 HCRYPTKEY hKey = 0; 119 HCRYPTKEY hKey = 0;
201 DWORD argLen = 0; 120 DWORD argLen = 0;
202 ALG_ID keyAlg = 0; 121 ALG_ID keyAlg = 0;
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
309 if (rv != SECSuccess && buf->data) { 228 if (rv != SECSuccess && buf->data) {
310 PORT_Free(buf->data); 229 PORT_Free(buf->data);
311 buf->data = NULL; 230 buf->data = NULL;
312 } 231 }
313 return rv; 232 return rv;
314 } 233 }
315 234
316 #elif defined(XP_MACOSX) 235 #elif defined(XP_MACOSX)
317 #include <Security/cssm.h> 236 #include <Security/cssm.h>
318 237
319 /*
320 * In Mac OS X 10.5, these two functions are private but implemented, and
321 * in Mac OS X 10.6, these are exposed publicly. To compile with the 10.5
322 * SDK, we declare them here.
323 */
324 OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CF DataRef *persistentItemRef);
325 OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, SecKeychainItemRef *itemRef);
326
327 void 238 void
328 ssl_FreePlatformKey(PlatformKey key) 239 ssl_FreePlatformKey(PlatformKey key)
329 { 240 {
330 CFRelease(key); 241 CFRelease(key);
331 } 242 }
332 243
333 void
334 ssl_FreePlatformAuthInfo(PlatformAuthInfo* info)
335 {
336 if (info->keychain != NULL) {
337 CFRelease(info->keychain);
338 info->keychain = NULL;
339 }
340 if (info->persistentKey != NULL) {
341 CFRelease(info->persistentKey);
342 info->persistentKey = NULL;
343 }
344 }
345
346 void
347 ssl_InitPlatformAuthInfo(PlatformAuthInfo* info)
348 {
349 info->keychain = NULL;
350 info->persistentKey = NULL;
351 }
352
353 PRBool
354 ssl_PlatformAuthTokenPresent(PlatformAuthInfo* info)
355 {
356 if (!info || !info->keychain || !info->persistentKey)
357 return PR_FALSE;
358
359 // Not actually interested in the status, but it can be used to make sure
360 // that the keychain still exists (as smart card ejection will remove
361 // the keychain)
362 SecKeychainStatus keychainStatus;
363 OSStatus rv = SecKeychainGetStatus(info->keychain, &keychainStatus);
364 if (rv != noErr)
365 return PR_FALSE;
366
367 // Make sure the individual key still exists within the keychain, if
368 // the keychain is present
369 SecKeychainItemRef keychainItem;
370 rv = SecKeychainItemCopyFromPersistentReference(info->persistentKey,
371 &keychainItem);
372 if (rv != noErr)
373 return PR_FALSE;
374
375 CFRelease(keychainItem);
376 return PR_TRUE;
377 }
378
379 void
380 ssl_GetPlatformAuthInfoForKey(PlatformKey key,
381 PlatformAuthInfo *info)
382 {
383 SecKeychainItemRef keychainItem = (SecKeychainItemRef)key;
384 OSStatus rv = SecKeychainItemCopyKeychain(keychainItem, &info->keychain);
385 if (rv == noErr) {
386 rv = SecKeychainItemCreatePersistentReference(keychainItem,
387 &info->persistentKey);
388 }
389 if (rv != noErr) {
390 ssl_FreePlatformAuthInfo(info);
391 }
392 return;
393 }
394
395 SECStatus 244 SECStatus
396 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 245 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
397 PRBool isTLS) 246 PRBool isTLS)
398 { 247 {
399 SECStatus rv = SECFailure; 248 SECStatus rv = SECFailure;
400 PRBool doDerEncode = PR_FALSE; 249 PRBool doDerEncode = PR_FALSE;
401 unsigned int signatureLen; 250 unsigned int signatureLen;
402 OSStatus status = noErr; 251 OSStatus status = noErr;
403 CSSM_CSP_HANDLE cspHandle = 0; 252 CSSM_CSP_HANDLE cspHandle = 0;
404 const CSSM_KEY *cssmKey = NULL; 253 const CSSM_KEY *cssmKey = NULL;
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after
531 buf->data = NULL; 380 buf->data = NULL;
532 } 381 }
533 return rv; 382 return rv;
534 } 383 }
535 #else 384 #else
536 void 385 void
537 ssl_FreePlatformKey(PlatformKey key) 386 ssl_FreePlatformKey(PlatformKey key)
538 { 387 {
539 } 388 }
540 389
541 void
542 ssl_FreePlatformAuthInfo(PlatformAuthInfo *info)
543 {
544 }
545
546 void
547 ssl_InitPlatformAuthInfo(PlatformAuthInfo *info)
548 {
549 }
550
551 PRBool
552 ssl_PlatformAuthTokenPresent(PlatformAuthInfo *info)
553 {
554 return PR_FALSE;
555 }
556
557 void
558 ssl_GetPlatformAuthInfoForKey(PlatformKey key, PlatformAuthInfo *info)
559 {
560 }
561
562 SECStatus 390 SECStatus
563 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 391 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
564 PRBool isTLS) 392 PRBool isTLS)
565 { 393 {
566 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); 394 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
567 return SECFailure; 395 return SECFailure;
568 } 396 }
569 #endif 397 #endif
570 398
571 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 399 #endif /* NSS_PLATFORM_CLIENT_AUTH */
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698