summaryrefslogtreecommitdiffstats
path: root/components
diff options
context:
space:
mode:
authorspang <spang@chromium.org>2015-05-01 14:01:57 -0700
committerCommit bot <commit-bot@chromium.org>2015-05-01 21:02:38 +0000
commit9ce3458d9a03b38ca717291d08d564e12fd8254a (patch)
treeb0f4570294cfb11e72f16cf0e424f40313ff2fdb /components
parentc10dfc7c662c078a7310e6c7d6041763150ce494 (diff)
downloadchromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.zip
chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.gz
chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.bz2
Revert of Don't use RSAPrivateKey in NSS integration code. (patchset #6 id:100001 of https://codereview.chromium.org/1106103003/)
Reason for revert: Causes SEGV during login on Chrome OS BUG=483606 Original issue's description: > Don't use RSAPrivateKey in NSS integration code. > > Currently some NSS platform integration logic transits private keys through > RSAPrivateKey on CrOS. This prevents incrementally switching RSAPrivateKey to > BoringSSL while keeping platform integrations on NSS. > > The intent of this change is to clarify RSAPrivateKey as a BoringSSL vs NSS > internal crypto library (use_openssl=0 vs use_openssl=1) abstraction. It's > primarily to be used with SignatureCreator. Code which uses NSS based on > use_nss_certs rather than use_openssl because the underlying platform is NSS > should call NSS routines directly, or introduce different abstractions. > > Remove the problematic RSAPrivateKey methods and instead add > crypto/nss_key_util.h which contains some helper functions for manipulating NSS > keys. This is sufficient to allow consumers of the removed methods to use NSS > directly with about as much code. (This should not set back migrating that > logic to NSS as that code was already very NSS-specific; those APIs assumed > PK11SlotInfo.) > > nss_key_util.h, like nss_util.h, is built whenever NSS is used either > internally or for platform integrations. This is so rsa_private_key_nss.cc can > continue to use the helper functions to implement the NSS-agnostic interface. > > With this, the chimera CrOS configuration should build. The RSAPrivateKey logic > is functional with the exception of some logic in components/ownership. That > will be resolved in a future CL. > > BUG=478777 > > Committed: https://crrev.com/a46a990b2ccae2b66e87b5f76d2866044dc3182e > Cr-Commit-Position: refs/heads/master@{#327909} TBR=rsleevi@chromium.org,pneubeck@chromium.org,dpolukhin@chromium.org,caitkp@chromium.org,davidben@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=483606 Review URL: https://codereview.chromium.org/1118263003 Cr-Commit-Position: refs/heads/master@{#327978}
Diffstat (limited to 'components')
-rw-r--r--components/ownership.gypi5
-rw-r--r--components/ownership/BUILD.gn5
-rw-r--r--components/ownership/owner_key_util_impl.cc18
3 files changed, 1 insertions, 27 deletions
diff --git a/components/ownership.gypi b/components/ownership.gypi
index 4784259..0b95fe2 100644
--- a/components/ownership.gypi
+++ b/components/ownership.gypi
@@ -35,11 +35,6 @@
'<(DEPTH)/components/components.gyp:policy',
],
}],
- ['use_nss_certs==1', {
- 'dependencies': [
- '../build/linux/system.gyp:ssl',
- ],
- }],
],
}],
}
diff --git a/components/ownership/BUILD.gn b/components/ownership/BUILD.gn
index cdaf227..1bca927 100644
--- a/components/ownership/BUILD.gn
+++ b/components/ownership/BUILD.gn
@@ -2,7 +2,6 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
-import("//build/config/crypto.gni")
import("//build/config/features.gni")
component("ownership") {
@@ -30,10 +29,6 @@ component("ownership") {
if (enable_configuration_policy) {
deps += [ "//components/policy" ]
}
-
- if (use_nss_certs) {
- deps += [ "//crypto:platform" ]
- }
}
source_set("unit_tests") {
diff --git a/components/ownership/owner_key_util_impl.cc b/components/ownership/owner_key_util_impl.cc
index cab5ffa..bc7208e 100644
--- a/components/ownership/owner_key_util_impl.cc
+++ b/components/ownership/owner_key_util_impl.cc
@@ -8,12 +8,7 @@
#include "base/files/file_util.h"
#include "base/logging.h"
-
-#if defined(USE_NSS_CERTS)
-#include <keythi.h>
-#include "crypto/nss_key_util.h"
#include "crypto/rsa_private_key.h"
-#endif
namespace ownership {
@@ -59,18 +54,7 @@ bool OwnerKeyUtilImpl::ImportPublicKey(std::vector<uint8>* output) {
crypto::RSAPrivateKey* OwnerKeyUtilImpl::FindPrivateKeyInSlot(
const std::vector<uint8>& key,
PK11SlotInfo* slot) {
- crypto::ScopedSECKEYPrivateKey private_key(
- crypto::FindNSSKeyFromPublicKeyInfoInSlot(key, slot));
- if (!private_key || SECKEY_GetPrivateKeyType(private_key.get()) != rsaKey)
- return nullptr;
-#if defined(USE_OPENSSL)
- // TODO(davidben): This assumes that crypto::RSAPrivateKey also uses NSS.
- // https://crbug.com/478777
- NOTIMPLEMENTED();
- return nullptr;
-#else
- return crypto::RSAPrivateKey::CreateFromKey(private_key.get());
-#endif
+ return crypto::RSAPrivateKey::FindFromPublicKeyInfoInSlot(key, slot);
}
#endif // defined(USE_NSS_CERTS)