
Unified Diff: net/third_party/nss/ssl/sslplatf.c

Issue 4670004: Change NSS's native auth patch to use PCERT_KEY_CONTEXT instead of HCRYPTPROV on Win (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase to trunk Created 9 years, 11 months ago
Index: net/third_party/nss/ssl/sslplatf.c
diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c
index 2b006bdf884f8d2606d7fbc52c88241cbd8a4cf9..19590325377632710b72ee860b0d1019ad336ac4 100644
--- a/net/third_party/nss/ssl/sslplatf.c
+++ b/net/third_party/nss/ssl/sslplatf.c
@@ -101,7 +101,12 @@ loser:
void
ssl_FreePlatformKey(PlatformKey key)
{
- CryptReleaseContext(key, 0);
+ if (!key)
+ return;
+ if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC)
+ CryptReleaseContext(key->hCryptProv, 0);
+ // FIXME(rsleevi): Close CNG keys.
+ PORT_Free(key);
wtc 2011/02/04 01:32:16 Rewrite this in this style: if (key) {
}
void
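Review bot: In the CERT_NCRYPT_KEY_SPEC case the added code frees the key context with `PORT_Free(key)` but never releases the handle stored in it, so each CNG-backed key leaks its NCRYPT_KEY_HANDLE; the FIXME records the gap without closing it. A private-key handle that is never released may keep the key provider (possibly a smart-card session) open longer than the socket that used it, so this is worth resolving before the CNG path is enabled. An `else` branch such as `NCryptFreeObject(key->hNCryptKey);` would close it, assuming ncrypt is resolved at run time on systems that provide it. The FIXME also uses a `//` comment where the other comments visible in this file are `/* */`.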
@@ -148,28 +153,32 @@ ssl_GetPlatformAuthInfoForKey(PlatformKey key,
{
DWORD bytesNeeded = 0;
ssl_InitPlatformAuthInfo(info);
+ if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC)
+ goto error;
+
bytesNeeded = sizeof(info->provType);
- if (!CryptGetProvParam(key, PP_PROVTYPE, (BYTE*)&info->provType,
- &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_PROVTYPE,
+ (BYTE*)&info->provType, &bytesNeeded, 0))
goto error;
bytesNeeded = 0;
- if (!CryptGetProvParam(key, PP_CONTAINER, NULL, &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, NULL, &bytesNeeded,
+ 0))
goto error;
info->container = (char*)PORT_Alloc(bytesNeeded);
if (info->container == NULL)
goto error;
- if (!CryptGetProvParam(key, PP_CONTAINER, (BYTE*)info->container,
- &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER,
+ (BYTE*)info->container, &bytesNeeded, 0))
goto error;
bytesNeeded = 0;
- if (!CryptGetProvParam(key, PP_NAME, NULL, &bytesNeeded, 0))
+ if (!CryptGetProvParam(key->hCryptProv, PP_NAME, NULL, &bytesNeeded, 0))
goto error;
info->provider = (char*)PORT_Alloc(bytesNeeded);
if (info->provider == NULL)
goto error;
- if (!CryptGetProvParam(key, PP_NAME, (BYTE*)info->provider,
+ if (!CryptGetProvParam(key->hCryptProv, PP_NAME, (BYTE*)info->provider,
&bytesNeeded, 0))
goto error;
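Review bot: The new guard `if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) goto error;` rejects CNG keys without saying why, and a reader cannot tell from the hunk whether that is deliberate or a placeholder. A comment above it would help, for example `/* CNG keys hold an NCRYPT_KEY_HANDLE, not an HCRYPTPROV, so the CryptGetProvParam queries below cannot be used. */`. It is also not visible here whether the `error` label sets an NSS error code; if it does not, callers see a failure carrying whatever error was set earlier. The function's body begins and ends outside this hunk.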
@@ -188,10 +197,6 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
SECStatus rv = SECFailure;
PRBool doDerEncode = PR_FALSE;
SECItem hashItem;
- /* TODO(rsleevi): Should AT_SIGNATURE also be checked if doing client
- * auth?
- */
- DWORD keySpec = AT_KEYEXCHANGE;
HCRYPTKEY hKey = 0;
DWORD argLen = 0;
ALG_ID keyAlg = 0;
@@ -202,7 +207,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
unsigned int i = 0;
buf->data = NULL;
- if (!CryptGetUserKey(key, keySpec, &hKey)) {
+ if (!CryptGetUserKey(key->hCryptProv, key->dwKeySpec, &hKey)) {
PORT_SetError(SEC_ERROR_INVALID_KEY);
goto done;
}
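Review bot: `CryptGetUserKey(key->hCryptProv, key->dwKeySpec, &hKey)` dereferences `key` with no NULL check and no CERT_NCRYPT_KEY_SPEC check, although ssl_FreePlatformKey and ssl_GetPlatformAuthInfoForKey in this same patch add both. For a CNG key the member read as hCryptProv would actually hold an NCRYPT_KEY_HANDLE, so a handle of the wrong kind is passed to CryptoAPI here and again to CryptCreateHash and both CryptSignHash calls in the later hunks. A guard after `buf->data = NULL;` would make the signing path fail cleanly: `if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) { PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; }`. ssl3_PlatformSignHashes starts and ends outside this hunk, so an earlier check may exist that is not shown.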
@@ -221,7 +226,6 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
hashItem.len = sizeof(SSL3Hashes);
break;
case CALG_DSS_SIGN:
- /* TODO: Support CALG_ECDSA once tested */
case CALG_ECDSA:
if (keyAlg == CALG_ECDSA) {
doDerEncode = PR_TRUE;
@@ -238,7 +242,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
}
PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
- if (!CryptCreateHash(key, hashAlg, 0, 0, &hHash)) {
+ if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
}
@@ -255,7 +259,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
}
- if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
+ if (!CryptSignHash(hHash, key->dwKeySpec, NULL, CRYPT_NOHASHOID,
NULL, &signatureLen) || signatureLen == 0) {
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
@@ -264,7 +268,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
if (!buf->data)
goto done; /* error code was set. */
- if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
+ if (!CryptSignHash(hHash, key->dwKeySpec, NULL, CRYPT_NOHASHOID,
(BYTE*)buf->data, &signatureLen)) {
ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
goto done;
