diff options
author | spang <spang@chromium.org> | 2015-05-01 14:01:57 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-05-01 21:02:38 +0000 |
commit | 9ce3458d9a03b38ca717291d08d564e12fd8254a (patch) | |
tree | b0f4570294cfb11e72f16cf0e424f40313ff2fdb /components | |
parent | c10dfc7c662c078a7310e6c7d6041763150ce494 (diff) | |
download | chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.zip chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.gz chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.bz2 |
Revert of Don't use RSAPrivateKey in NSS integration code. (patchset #6 id:100001 of https://codereview.chromium.org/1106103003/)
Reason for revert:
Causes SEGV during login on Chrome OS
BUG=483606
Original issue's description:
> Don't use RSAPrivateKey in NSS integration code.
>
> Currently some NSS platform integration logic transits private keys through
> RSAPrivateKey on CrOS. This prevents incrementally switching RSAPrivateKey to
> BoringSSL while keeping platform integrations on NSS.
>
> The intent of this change is to clarify RSAPrivateKey as a BoringSSL vs NSS
> internal crypto library (use_openssl=0 vs use_openssl=1) abstraction. It's
> primarily to be used with SignatureCreator. Code which uses NSS based on
> use_nss_certs rather than use_openssl because the underlying platform is NSS
> should call NSS routines directly, or introduce different abstractions.
>
> Remove the problematic RSAPrivateKey methods and instead add
> crypto/nss_key_util.h which contains some helper functions for manipulating NSS
> keys. This is sufficient to allow consumers of the removed methods to use NSS
> directly with about as much code. (This should not set back migrating that
> logic to NSS as that code was already very NSS-specific; those APIs assumed
> PK11SlotInfo.)
>
> nss_key_util.h, like nss_util.h, is built whenever NSS is used either
> internally or for platform integrations. This is so rsa_private_key_nss.cc can
> continue to use the helper functions to implement the NSS-agnostic interface.
>
> With this, the chimera CrOS configuration should build. The RSAPrivateKey logic
> is functional with the exception of some logic in components/ownership. That
> will be resolved in a future CL.
>
> BUG=478777
>
> Committed: https://crrev.com/a46a990b2ccae2b66e87b5f76d2866044dc3182e
> Cr-Commit-Position: refs/heads/master@{#327909}
TBR=rsleevi@chromium.org,pneubeck@chromium.org,dpolukhin@chromium.org,caitkp@chromium.org,davidben@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=483606
Review URL: https://codereview.chromium.org/1118263003
Cr-Commit-Position: refs/heads/master@{#327978}
Diffstat (limited to 'components')
-rw-r--r-- | components/ownership.gypi | 5 | ||||
-rw-r--r-- | components/ownership/BUILD.gn | 5 | ||||
-rw-r--r-- | components/ownership/owner_key_util_impl.cc | 18 |
3 files changed, 1 insertions, 27 deletions
diff --git a/components/ownership.gypi b/components/ownership.gypi index 4784259..0b95fe2 100644 --- a/components/ownership.gypi +++ b/components/ownership.gypi @@ -35,11 +35,6 @@ '<(DEPTH)/components/components.gyp:policy', ], }], - ['use_nss_certs==1', { - 'dependencies': [ - '../build/linux/system.gyp:ssl', - ], - }], ], }], } diff --git a/components/ownership/BUILD.gn b/components/ownership/BUILD.gn index cdaf227..1bca927 100644 --- a/components/ownership/BUILD.gn +++ b/components/ownership/BUILD.gn @@ -2,7 +2,6 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. -import("//build/config/crypto.gni") import("//build/config/features.gni") component("ownership") { @@ -30,10 +29,6 @@ component("ownership") { if (enable_configuration_policy) { deps += [ "//components/policy" ] } - - if (use_nss_certs) { - deps += [ "//crypto:platform" ] - } } source_set("unit_tests") { diff --git a/components/ownership/owner_key_util_impl.cc b/components/ownership/owner_key_util_impl.cc index cab5ffa..bc7208e 100644 --- a/components/ownership/owner_key_util_impl.cc +++ b/components/ownership/owner_key_util_impl.cc @@ -8,12 +8,7 @@ #include "base/files/file_util.h" #include "base/logging.h" - -#if defined(USE_NSS_CERTS) -#include <keythi.h> -#include "crypto/nss_key_util.h" #include "crypto/rsa_private_key.h" -#endif namespace ownership { @@ -59,18 +54,7 @@ bool OwnerKeyUtilImpl::ImportPublicKey(std::vector<uint8>* output) { crypto::RSAPrivateKey* OwnerKeyUtilImpl::FindPrivateKeyInSlot( const std::vector<uint8>& key, PK11SlotInfo* slot) { - crypto::ScopedSECKEYPrivateKey private_key( - crypto::FindNSSKeyFromPublicKeyInfoInSlot(key, slot)); - if (!private_key || SECKEY_GetPrivateKeyType(private_key.get()) != rsaKey) - return nullptr; -#if defined(USE_OPENSSL) - // TODO(davidben): This assumes that crypto::RSAPrivateKey also uses NSS. - // https://crbug.com/478777 - NOTIMPLEMENTED(); - return nullptr; -#else - return crypto::RSAPrivateKey::CreateFromKey(private_key.get()); -#endif + return crypto::RSAPrivateKey::FindFromPublicKeyInfoInSlot(key, slot); } #endif // defined(USE_NSS_CERTS) |