| Index: patches/nss-pk11-encrypt.patch
|
| ===================================================================
|
| --- patches/nss-pk11-encrypt.patch (revision 190723)
|
| +++ patches/nss-pk11-encrypt.patch (working copy)
|
| @@ -1,17 +1,17 @@
|
| Index: mozilla/security/nss/lib/pk11wrap/pk11obj.c
|
| ===================================================================
|
| ---- mozilla/security/nss/lib/pk11wrap/pk11obj.c (revision 182578)
|
| +--- mozilla/security/nss/lib/pk11wrap/pk11obj.c (revision 190722)
|
| +++ mozilla/security/nss/lib/pk11wrap/pk11obj.c (working copy)
|
| @@ -822,6 +822,93 @@
|
| return SECSuccess;
|
| }
|
|
|
| +SECStatus
|
| -+PK11_EncryptWithSymKey(PK11SymKey *symKey,
|
| -+ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| -+ unsigned char *out, unsigned int *outLen,
|
| -+ unsigned int maxLen,
|
| -+ const unsigned char *data, unsigned dataLen)
|
| ++PK11_Decrypt(PK11SymKey *symKey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *enc, unsigned encLen)
|
| +{
|
| + PK11SlotInfo *slot = symKey->slot;
|
| + CK_MECHANISM mech = {0, NULL, 0 };
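Review bot: The new `PK11_Decrypt` definition spells its last parameter `unsigned encLen`, while the pk11pub.h prototype added later in this patch uses `unsigned int encLen` and `PK11_Encrypt` uses `unsigned int dataLen`. The types are the same, but the definition should read `const unsigned char *enc, unsigned int encLen)` so the definition, its prototype and its twin match textually. `symKey` is also dereferenced on the first body line (`symKey->slot`) with no NULL check. Whether callers guarantee a non-NULL key is not visible here, and the function body continues beyond this hunk.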
|
| @@ -30,17 +30,18 @@
|
| + session = pk11_GetNewSession(slot, &owner);
|
| + haslock = (!owner || !slot->isThreadSafe);
|
| + if (haslock) PK11_EnterSlotMonitor(slot);
|
| -+ crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech, symKey->objectID);
|
| ++ crv = PK11_GETTAB(slot)->C_DecryptInit(session, &mech, symKey->objectID);
|
| + if (crv != CKR_OK) {
|
| + if (haslock) PK11_ExitSlotMonitor(slot);
|
| -+ pk11_CloseSession(slot,session,owner);
|
| ++ pk11_CloseSession(slot, session, owner);
|
| + PORT_SetError( PK11_MapError(crv) );
|
| + return SECFailure;
|
| + }
|
| -+ crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data,
|
| -+ dataLen, out, &len);
|
| ++
|
| ++ crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
|
| ++ out, &len);
|
| + if (haslock) PK11_ExitSlotMonitor(slot);
|
| -+ pk11_CloseSession(slot,session,owner);
|
| ++ pk11_CloseSession(slot, session, owner);
|
| + *outLen = len;
|
| + if (crv != CKR_OK) {
|
| + PORT_SetError( PK11_MapError(crv) );
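Review bot: `*outLen = len;` is stored before `crv` is checked, so the caller's length is written even when `C_Decrypt` fails. PKCS #11 lets a token return CKR_BUFFER_TOO_SMALL with the length set to the size it needs, so on failure `*outLen` can exceed `maxLen`, and a caller that reads `out` by `*outLen` without checking the SECStatus would run past its buffer. Assigning only on success, e.g. `*outLen = (crv == CKR_OK) ? len : 0;`, removes that hazard. The same line appears in the `PK11_Encrypt` body in the `@@ -73,18 +74,17 @@` hunk. The initialisation of `len` (presumably from `maxLen`) falls between hunks and is not visible, so confirm it is set before the call.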
|
| @@ -50,11 +51,11 @@
|
| +}
|
| +
|
| +SECStatus
|
| -+PK11_DecryptWithSymKey(PK11SymKey *symKey,
|
| -+ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| -+ unsigned char *out, unsigned int *outLen,
|
| -+ unsigned int maxLen,
|
| -+ const unsigned char *enc, unsigned encLen)
|
| ++PK11_Encrypt(PK11SymKey *symKey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *data, unsigned int dataLen)
|
| +{
|
| + PK11SlotInfo *slot = symKey->slot;
|
| + CK_MECHANISM mech = {0, NULL, 0 };
|
| @@ -73,18 +74,17 @@
|
| + session = pk11_GetNewSession(slot, &owner);
|
| + haslock = (!owner || !slot->isThreadSafe);
|
| + if (haslock) PK11_EnterSlotMonitor(slot);
|
| -+ crv = PK11_GETTAB(slot)->C_DecryptInit(session, &mech, symKey->objectID);
|
| ++ crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech, symKey->objectID);
|
| + if (crv != CKR_OK) {
|
| + if (haslock) PK11_ExitSlotMonitor(slot);
|
| -+ pk11_CloseSession(slot, session, owner);
|
| ++ pk11_CloseSession(slot,session,owner);
|
| + PORT_SetError( PK11_MapError(crv) );
|
| + return SECFailure;
|
| + }
|
| -+
|
| -+ crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
|
| -+ out, &len);
|
| ++ crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data,
|
| ++ dataLen, out, &len);
|
| + if (haslock) PK11_ExitSlotMonitor(slot);
|
| -+ pk11_CloseSession(slot, session, owner);
|
| ++ pk11_CloseSession(slot,session,owner);
|
| + *outLen = len;
|
| + if (crv != CKR_OK) {
|
| + PORT_SetError( PK11_MapError(crv) );
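Review bot: `PK11_Encrypt` mirrors `PK11_Decrypt`, but the new side leaves the two bodies formatted differently. Here `pk11_CloseSession(slot,session,owner);` has no spaces after the commas and no blank line precedes the `C_Encrypt` call, whereas the decrypt body has both. Writing both as `pk11_CloseSession(slot, session, owner);` with the same blank-line layout keeps the twins identical apart from the Encrypt/Decrypt names. That makes a real divergence in lock or session handling easy to spot. The function begins and ends outside this hunk.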
|
| @@ -98,22 +98,31 @@
|
| * RSA keys, or they'll fail. We do the checks up front. If anyone comes
|
| Index: mozilla/security/nss/lib/pk11wrap/pk11pub.h
|
| ===================================================================
|
| ---- mozilla/security/nss/lib/pk11wrap/pk11pub.h (revision 182578)
|
| +--- mozilla/security/nss/lib/pk11wrap/pk11pub.h (revision 190722)
|
| +++ mozilla/security/nss/lib/pk11wrap/pk11pub.h (working copy)
|
| +@@ -266,7 +266,7 @@
|
| + CK_MECHANISM_TYPE PK11_MapSignKeyType(KeyType keyType);
|
| +
|
| + /**********************************************************************
|
| +- * Symetric, Public, and Private Keys
|
| ++ * Symmetric, Public, and Private Keys
|
| + **********************************************************************/
|
| + void PK11_FreeSymKey(PK11SymKey *key);
|
| + PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
|
| @@ -508,6 +508,17 @@
|
| void *wincx);
|
| int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key);
|
|
|
| -+SECStatus PK11_EncryptWithSymKey(PK11SymKey *symKey,
|
| -+ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| -+ unsigned char *out, unsigned int *outLen,
|
| -+ unsigned int maxLen,
|
| -+ const unsigned char *data, unsigned dataLen);
|
| -+SECStatus PK11_DecryptWithSymKey(PK11SymKey *symkey,
|
| -+ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| -+ unsigned char *out, unsigned int *outLen,
|
| -+ unsigned int maxLen,
|
| -+ const unsigned char *enc, unsigned encLen);
|
| ++SECStatus PK11_Decrypt(PK11SymKey *symkey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *enc, unsigned int encLen);
|
| ++SECStatus PK11_Encrypt(PK11SymKey *symKey,
|
| ++ CK_MECHANISM_TYPE mechanism, SECItem *param,
|
| ++ unsigned char *out, unsigned int *outLen,
|
| ++ unsigned int maxLen,
|
| ++ const unsigned char *data, unsigned int dataLen);
|
| +
|
| /* note: despite the name, this function takes a private key. */
|
| SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
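Review bot: The `PK11_Decrypt` and `PK11_Encrypt` prototypes added to pk11pub.h have no comment, so the buffer contract of this public API is left for callers to guess. A short header comment above the pair should state that `out` must have room for `maxLen` bytes, that `*outLen` receives the number of bytes produced, and that it should be used only when SECSuccess is returned. Whether `param` may be NULL is not visible in these hunks and should be documented too. Separately, the `PK11_Decrypt` prototype names its first parameter `symkey` while the definition and `PK11_Encrypt` use `symKey`; `SECStatus PK11_Decrypt(PK11SymKey *symKey,` would keep them consistent.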
|
|
|