[Libreoffice-commits] core.git: include/svl svl/source xmlsecurity/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Thu Aug 9 07:14:17 UTC 2018


 include/svl/cryptosign.hxx                                            |    3 
 svl/source/crypto/cryptosign.cxx                                      |   21 -----
 xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx |   36 ++--------
 3 files changed, 12 insertions(+), 48 deletions(-)

New commits:
commit 954f59db6cddc79d1f629fafc53ad20b6c4a14de
Author:     Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Wed Aug 8 23:10:52 2018 +0200
Commit:     Miklos Vajna <vmiklos at collabora.co.uk>
CommitDate: Thu Aug 9 09:13:51 2018 +0200

    svl windows: remove last traces of pre-CNG signing
    
    Mostly only the certificate selector was left + the global runtime switch.
    
    Change-Id: I11e8e0920806eb61848512df6dea48c594febfe4
    Reviewed-on: https://gerrit.libreoffice.org/58751
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>

diff --git a/include/svl/cryptosign.hxx b/include/svl/cryptosign.hxx
index b70b995b23b9..eacb4d78af25 100644
--- a/include/svl/cryptosign.hxx
+++ b/include/svl/cryptosign.hxx
@@ -86,9 +86,6 @@ private:
     OUString m_aSignPassword;
 };
 
-/// Decides if SVL_CRYPTO_MSCRYPTO uses the new CNG API or not.
-SVL_DLLPUBLIC bool isMSCng();
-
 }
 }
 
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index a9258a5c607c..0e86664c28c1 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -1402,15 +1402,9 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
     aPara.cMsgCert = 1;
     aPara.rgpMsgCert = &pCertContext;
 
-    HCRYPTPROV hCryptProv = 0;
     NCRYPT_KEY_HANDLE hCryptKey = 0;
-    DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG;
-    HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
-    if (svl::crypto::isMSCng())
-    {
-        dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
-        phCryptProvOrNCryptKey = &hCryptKey;
-    }
+    DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+    HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptKey;
     DWORD nKeySpec;
     BOOL bFreeNeeded;
 
@@ -1432,10 +1426,7 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
     memset(&aSignerInfo, 0, sizeof(aSignerInfo));
     aSignerInfo.cbSize = sizeof(aSignerInfo);
     aSignerInfo.pCertInfo = pCertContext->pCertInfo;
-    if (!svl::crypto::isMSCng())
-        aSignerInfo.hCryptProv = hCryptProv;
-    else
-        aSignerInfo.hNCryptKey = hCryptKey;
+    aSignerInfo.hNCryptKey = hCryptKey;
     aSignerInfo.dwKeySpec = nKeySpec;
     aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
     aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
@@ -2421,12 +2412,6 @@ bool Signing::Verify(SvStream& rStream,
 #endif
 }
 
-bool isMSCng()
-{
-    static bool bNoMSCng = getenv("SVL_CRYPTO_NOCNG");
-    return !bNoMSCng;
-}
-
 }
 
 }
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index 9e2ccf928a08..b03a4945f42d 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -344,7 +344,6 @@ uno::Sequence< uno::Reference < XCertificate > > SecurityEnvironment_MSCryptImpl
     if( m_bEnableDefault ) {
         HCERTSTORE hSystemKeyStore ;
         DWORD      dwKeySpec;
-        HCRYPTPROV hCryptProv;
         NCRYPT_KEY_HANDLE hCryptKey;
 
 #ifdef SAL_LOG_INFO
@@ -357,13 +356,8 @@ uno::Sequence< uno::Reference < XCertificate > > SecurityEnvironment_MSCryptImpl
             while (pCertContext)
             {
                 // for checking whether the certificate is a personal certificate or not.
-                DWORD dwFlags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG;
-                HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
-                if (svl::crypto::isMSCng())
-                {
-                    dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
-                    phCryptProvOrNCryptKey = &hCryptKey;
-                }
+                DWORD dwFlags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+                HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptKey;
                 if(!(CryptAcquireCertificatePrivateKey(pCertContext,
                         dwFlags,
                         nullptr,
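Review bot: `hCryptKey` is now the only output target of this `CryptAcquireCertificatePrivateKey` call, but its declaration (`NCRYPT_KEY_HANDLE hCryptKey;`, context line of the previous hunk) has no initializer. It also sits outside the `while (pCertContext)` loop, so after a failed acquisition it holds either an indeterminate value or the handle from an earlier certificate. The other two call sites touched by this commit use `= 0`, so I would declare it as `NCRYPT_KEY_HANDLE hCryptKey = 0;` and reset it at the top of each iteration. The call and the code that releases the handle continue outside this hunk, so whether the stale value is ever read cannot be confirmed from here.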
@@ -977,15 +971,9 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::getCertificateCharacters( const css::
     {
         BOOL    fCallerFreeProv ;
         DWORD   dwKeySpec ;
-        HCRYPTPROV  hProv ;
         NCRYPT_KEY_HANDLE hKey = 0;
-        DWORD dwFlags = 0;
-        HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hProv;
-        if (svl::crypto::isMSCng())
-        {
-            dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
-            phCryptProvOrNCryptKey = &hKey;
-        }
+        DWORD dwFlags = CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+        HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hKey;
         if( CryptAcquireCertificatePrivateKey( pCertContext ,
                    dwFlags,
                    nullptr ,
@@ -995,9 +983,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::getCertificateCharacters( const css::
         ) {
             characters |=  css::security::CertificateCharacters::HAS_PRIVATE_KEY ;
 
-            if( hProv != NULL && fCallerFreeProv )
-                CryptReleaseContext( hProv, 0 ) ;
-            else if (hKey && fCallerFreeProv)
+            if (hKey && fCallerFreeProv)
                 NCryptFreeObject(hKey);
         } else {
             characters &= ~ css::security::CertificateCharacters::HAS_PRIVATE_KEY ;
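Review bot: The `else` branch that clears HAS_PRIVATE_KEY is silent, and it is now the only outcome for any certificate whose key cannot be opened through CNG. With `CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG` always set in the preceding hunk and the SVL_CRYPTO_NOCNG switch removed, a key that is presumably reachable only through a legacy CSP would be reported the same way as a certificate with no key at all. Recording the error code first thing in the else branch, e.g. `SAL_INFO("xmlsecurity.xmlsec", "CryptAcquireCertificatePrivateKey failed: " << GetLastError());`, would let the two cases be told apart when a user's signing certificate appears unusable. getCertificateCharacters starts and ends outside this hunk.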
@@ -1056,8 +1042,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hMySystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hMySystemStore = nullptr;
+            m_hMySystemStore = nullptr;
         }
 
         //Add system root store into the keys manager.
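Review bot: The now-unconditional `m_hMySystemStore = nullptr;` discards a store handle right after it was registered successfully, and nothing in the hunk explains why. If the adopt call above (outside the hunk) hands ownership of the store to the keys manager, a comment such as `// the keys manager owns the store now; it must not be closed again by this class` would make that explicit. If ownership is not transferred, the handle leaks here. The same applies to `m_hRootSystemStore`, `m_hTrustSystemStore` and `m_hCaSystemStore` in the three following hunks. createKeysManager starts and ends outside these hunks.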
@@ -1068,8 +1053,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hRootSystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hRootSystemStore = nullptr;
+            m_hRootSystemStore = nullptr;
         }
 
         //Add system trusted store into the keys manager.
@@ -1080,8 +1064,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hTrustSystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hTrustSystemStore = nullptr;
+            m_hTrustSystemStore = nullptr;
         }
 
         //Add system CA store into the keys manager.
@@ -1092,8 +1075,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hCaSystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hCaSystemStore = nullptr;
+            m_hCaSystemStore = nullptr;
         }
     }
 

