| Index: net/third_party/nss/ssl/sslplatf.c
|
| ===================================================================
|
| --- net/third_party/nss/ssl/sslplatf.c (revision 74301)
|
| +++ net/third_party/nss/ssl/sslplatf.c (working copy)
|
| @@ -101,7 +101,12 @@
|
| void
|
| ssl_FreePlatformKey(PlatformKey key)
|
| {
|
| - CryptReleaseContext(key, 0);
|
| + if (key) {
|
| + if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC)
|
| + CryptReleaseContext(key->hCryptProv, 0);
|
| + /* FIXME(rsleevi): Close CNG keys. */
|
| + PORT_Free(key);
|
| + }
|
| }
|
|
|
| void
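Review bot: In ssl_FreePlatformKey, a key whose dwKeySpec is CERT_NCRYPT_KEY_SPEC has its wrapper freed by PORT_Free while the underlying CNG handle is never released, so each such key leaks a private-key handle for the life of the process (the FIXME acknowledges this). Presumably hCryptProv holds an NCRYPT_KEY_HANDLE in that case, so the missing branch would be `else NCryptFreeObject(key->hCryptProv);`, provided ncrypt.h is available on every supported build target. The inner `if` is also unbraced directly above a comment and the PORT_Free call; bracing it would make it obvious that PORT_Free runs unconditionally.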
|
| @@ -148,28 +153,32 @@
|
| {
|
| DWORD bytesNeeded = 0;
|
| ssl_InitPlatformAuthInfo(info);
|
| + if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC)
|
| + goto error;
|
| +
|
| bytesNeeded = sizeof(info->provType);
|
| - if (!CryptGetProvParam(key, PP_PROVTYPE, (BYTE*)&info->provType,
|
| - &bytesNeeded, 0))
|
| + if (!CryptGetProvParam(key->hCryptProv, PP_PROVTYPE,
|
| + (BYTE*)&info->provType, &bytesNeeded, 0))
|
| goto error;
|
|
|
| bytesNeeded = 0;
|
| - if (!CryptGetProvParam(key, PP_CONTAINER, NULL, &bytesNeeded, 0))
|
| + if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, NULL, &bytesNeeded,
|
| + 0))
|
| goto error;
|
| info->container = (char*)PORT_Alloc(bytesNeeded);
|
| if (info->container == NULL)
|
| goto error;
|
| - if (!CryptGetProvParam(key, PP_CONTAINER, (BYTE*)info->container,
|
| - &bytesNeeded, 0))
|
| + if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER,
|
| + (BYTE*)info->container, &bytesNeeded, 0))
|
| goto error;
|
|
|
| bytesNeeded = 0;
|
| - if (!CryptGetProvParam(key, PP_NAME, NULL, &bytesNeeded, 0))
|
| + if (!CryptGetProvParam(key->hCryptProv, PP_NAME, NULL, &bytesNeeded, 0))
|
| goto error;
|
| info->provider = (char*)PORT_Alloc(bytesNeeded);
|
| if (info->provider == NULL)
|
| goto error;
|
| - if (!CryptGetProvParam(key, PP_NAME, (BYTE*)info->provider,
|
| + if (!CryptGetProvParam(key->hCryptProv, PP_NAME, (BYTE*)info->provider,
|
| &bytesNeeded, 0))
|
| goto error;
|
|
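Review bot: The new early exit `if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) goto error;` fails without saying why, and no error code is set on the visible lines before the jump. A short comment such as `/* CNG keys are not supported here yet. */` would explain the second condition. If callers treat a failure here as fatal to client authentication, certificates with CNG-backed keys become silently unusable, which is worth stating in the function comment. The function's start and the `error` label are outside the hunk, so whether `error` sets an error code could not be checked.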
|
| @@ -188,10 +197,6 @@
|
| SECStatus rv = SECFailure;
|
| PRBool doDerEncode = PR_FALSE;
|
| SECItem hashItem;
|
| - /* TODO(rsleevi): Should AT_SIGNATURE also be checked if doing client
|
| - * auth?
|
| - */
|
| - DWORD keySpec = AT_KEYEXCHANGE;
|
| HCRYPTKEY hKey = 0;
|
| DWORD argLen = 0;
|
| ALG_ID keyAlg = 0;
|
| @@ -202,7 +207,7 @@
|
| unsigned int i = 0;
|
|
|
| buf->data = NULL;
|
| - if (!CryptGetUserKey(key, keySpec, &hKey)) {
|
| + if (!CryptGetUserKey(key->hCryptProv, key->dwKeySpec, &hKey)) {
|
| PORT_SetError(SEC_ERROR_INVALID_KEY);
|
| goto done;
|
| }
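Review bot: `key` is dereferenced in the CryptGetUserKey call with no NULL check and no CNG check, unlike the guard this patch adds to the auth-info function. If a PlatformKey with dwKeySpec == CERT_NCRYPT_KEY_SPEC reaches this function, its handle is passed to CryptGetUserKey and later to CryptCreateHash (hunk at -238) as if it were an HCRYPTPROV. CERT_NCRYPT_KEY_SPEC would also be passed to CryptSignHash as a key spec (hunks at -255 and -264). A guard placed after `buf->data = NULL;` would reject such keys cleanly: `if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) { PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; }`. The function's start and the `done` label are outside the hunk.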
|
| @@ -221,7 +226,6 @@
|
| hashItem.len = sizeof(SSL3Hashes);
|
| break;
|
| case CALG_DSS_SIGN:
|
| - /* TODO: Support CALG_ECDSA once tested */
|
| case CALG_ECDSA:
|
| if (keyAlg == CALG_ECDSA) {
|
| doDerEncode = PR_TRUE;
|
| @@ -238,7 +242,7 @@
|
| }
|
| PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
|
|
|
| - if (!CryptCreateHash(key, hashAlg, 0, 0, &hHash)) {
|
| + if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
|
| ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
|
| goto done;
|
| }
|
| @@ -255,7 +259,7 @@
|
| ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
|
| goto done;
|
| }
|
| - if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
|
| + if (!CryptSignHash(hHash, key->dwKeySpec, NULL, CRYPT_NOHASHOID,
|
| NULL, &signatureLen) || signatureLen == 0) {
|
| ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
|
| goto done;
|
| @@ -264,7 +268,7 @@
|
| if (!buf->data)
|
| goto done; /* error code was set. */
|
|
|
| - if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
|
| + if (!CryptSignHash(hHash, key->dwKeySpec, NULL, CRYPT_NOHASHOID,
|
| (BYTE*)buf->data, &signatureLen)) {
|
| ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
|
| goto done;
|
|
|