[Libreoffice-commits] core.git: include/svl svl/source xmlsecurity/source
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Thu Aug 9 07:14:17 UTC 2018
include/svl/cryptosign.hxx | 3
svl/source/crypto/cryptosign.cxx | 21 -----
xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx | 36 ++--------
3 files changed, 12 insertions(+), 48 deletions(-)
New commits:
commit 954f59db6cddc79d1f629fafc53ad20b6c4a14de
Author: Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Wed Aug 8 23:10:52 2018 +0200
Commit: Miklos Vajna <vmiklos at collabora.co.uk>
CommitDate: Thu Aug 9 09:13:51 2018 +0200
svl windows: remove last traces of pre-CNG signing
Mostly only the certificate selector was left + the global runtime switch.
Change-Id: I11e8e0920806eb61848512df6dea48c594febfe4
Reviewed-on: https://gerrit.libreoffice.org/58751
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
diff --git a/include/svl/cryptosign.hxx b/include/svl/cryptosign.hxx
index b70b995b23b9..eacb4d78af25 100644
--- a/include/svl/cryptosign.hxx
+++ b/include/svl/cryptosign.hxx
@@ -86,9 +86,6 @@ private:
OUString m_aSignPassword;
};
-/// Decides if SVL_CRYPTO_MSCRYPTO uses the new CNG API or not.
-SVL_DLLPUBLIC bool isMSCng();
-
}
}
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index a9258a5c607c..0e86664c28c1 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -1402,15 +1402,9 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
aPara.cMsgCert = 1;
aPara.rgpMsgCert = &pCertContext;
- HCRYPTPROV hCryptProv = 0;
NCRYPT_KEY_HANDLE hCryptKey = 0;
- DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG;
- HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
- if (svl::crypto::isMSCng())
- {
- dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
- phCryptProvOrNCryptKey = &hCryptKey;
- }
+ DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptKey;
DWORD nKeySpec;
BOOL bFreeNeeded;
@@ -1432,10 +1426,7 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
memset(&aSignerInfo, 0, sizeof(aSignerInfo));
aSignerInfo.cbSize = sizeof(aSignerInfo);
aSignerInfo.pCertInfo = pCertContext->pCertInfo;
- if (!svl::crypto::isMSCng())
- aSignerInfo.hCryptProv = hCryptProv;
- else
- aSignerInfo.hNCryptKey = hCryptKey;
+ aSignerInfo.hNCryptKey = hCryptKey;
aSignerInfo.dwKeySpec = nKeySpec;
aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
@@ -2421,12 +2412,6 @@ bool Signing::Verify(SvStream& rStream,
#endif
}
-bool isMSCng()
-{
- static bool bNoMSCng = getenv("SVL_CRYPTO_NOCNG");
- return !bNoMSCng;
-}
-
}
}
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index 9e2ccf928a08..b03a4945f42d 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -344,7 +344,6 @@ uno::Sequence< uno::Reference < XCertificate > > SecurityEnvironment_MSCryptImpl
if( m_bEnableDefault ) {
HCERTSTORE hSystemKeyStore ;
DWORD dwKeySpec;
- HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hCryptKey;
#ifdef SAL_LOG_INFO
@@ -357,13 +356,8 @@ uno::Sequence< uno::Reference < XCertificate > > SecurityEnvironment_MSCryptImpl
while (pCertContext)
{
// for checking whether the certificate is a personal certificate or not.
- DWORD dwFlags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG;
- HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
- if (svl::crypto::isMSCng())
- {
- dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
- phCryptProvOrNCryptKey = &hCryptKey;
- }
+ DWORD dwFlags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptKey;
if(!(CryptAcquireCertificatePrivateKey(pCertContext,
dwFlags,
nullptr,
@@ -977,15 +971,9 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::getCertificateCharacters( const css::
{
BOOL fCallerFreeProv ;
DWORD dwKeySpec ;
- HCRYPTPROV hProv ;
NCRYPT_KEY_HANDLE hKey = 0;
- DWORD dwFlags = 0;
- HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hProv;
- if (svl::crypto::isMSCng())
- {
- dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
- phCryptProvOrNCryptKey = &hKey;
- }
+ DWORD dwFlags = CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hKey;
if( CryptAcquireCertificatePrivateKey( pCertContext ,
dwFlags,
nullptr ,
@@ -995,9 +983,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::getCertificateCharacters( const css::
) {
characters |= css::security::CertificateCharacters::HAS_PRIVATE_KEY ;
- if( hProv != NULL && fCallerFreeProv )
- CryptReleaseContext( hProv, 0 ) ;
- else if (hKey && fCallerFreeProv)
+ if (hKey && fCallerFreeProv)
NCryptFreeObject(hKey);
} else {
characters &= ~ css::security::CertificateCharacters::HAS_PRIVATE_KEY ;
@@ -1056,8 +1042,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hMySystemStore = nullptr;
throw uno::RuntimeException() ;
}
- if (svl::crypto::isMSCng())
- m_hMySystemStore = nullptr;
+ m_hMySystemStore = nullptr;
}
//Add system root store into the keys manager.
@@ -1068,8 +1053,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hRootSystemStore = nullptr;
throw uno::RuntimeException() ;
}
- if (svl::crypto::isMSCng())
- m_hRootSystemStore = nullptr;
+ m_hRootSystemStore = nullptr;
}
//Add system trusted store into the keys manager.
@@ -1080,8 +1064,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hTrustSystemStore = nullptr;
throw uno::RuntimeException() ;
}
- if (svl::crypto::isMSCng())
- m_hTrustSystemStore = nullptr;
+ m_hTrustSystemStore = nullptr;
}
//Add system CA store into the keys manager.
@@ -1092,8 +1075,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hCaSystemStore = nullptr;
throw uno::RuntimeException() ;
}
- if (svl::crypto::isMSCng())
- m_hCaSystemStore = nullptr;
+ m_hCaSystemStore = nullptr;
}
}
More information about the Libreoffice-commits
mailing list