authorMiklos Vajna <vmiklos@collabora.co.uk>2018-05-29 20:54:52 +0200
committerMiklos Vajna <vmiklos@collabora.co.uk>2018-05-30 09:04:28 +0200
commit93e33ba279e837356e157745177d7f6061d442b7 (patch)
tree34dcb184e79213d3fdd17df971139fe3a0ef906c /svl
parent5f4d499493c68e52977543c3abc6713518e5e000 (diff)
xmlsecurity windows: let cert picker and PDF sign find ECDSA keys
Need to incrementally migrate the remaining places (ODF, OOXML signing) to CNG, then flip the default. SVL_CRYPTO_CNG=1 is needed till then. (The testcase passes with and without the fix when SVL_CRYPTO_CNG is not specified; it fails without the fix when SVL_CRYPTO_CNG is specified.) Change-Id: Ide9d3b109bbd955a9cb83b18bba6aa72269f4d34 Reviewed-on: https://gerrit.libreoffice.org/55030 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'svl')
-rw-r--r--svl/source/crypto/cryptosign.cxx25
1 files changed, 21 insertions, 4 deletions
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 96c349d68861..c7e62d58f836 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -1401,14 +1401,22 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
aPara.cMsgCert = 1;
aPara.rgpMsgCert = &pCertContext;
- HCRYPTPROV hCryptProv;
+ HCRYPTPROV hCryptProv = 0;
+ NCRYPT_KEY_HANDLE hCryptKey = 0;
+ DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG;
+ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
+ if (svl::crypto::isMSCng())
+ {
+ dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+ phCryptProvOrNCryptKey = &hCryptKey;
+ }
DWORD nKeySpec;
BOOL bFreeNeeded;
if (!CryptAcquireCertificatePrivateKey(pCertContext,
- CRYPT_ACQUIRE_CACHE_FLAG,
+ dwFlags,
nullptr,
- &hCryptProv,
+ phCryptProvOrNCryptKey,
&nKeySpec,
&bFreeNeeded))
{
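Review bot: `CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG` removes the CryptoAPI fallback, so when `isMSCng()` is true a certificate whose private key is reachable only through a legacy CSP may fail here where it previously succeeded. The commit message covers ECDSA keys but not that case. If this is intended during the migration, a comment above the `if` would record it, e.g. `// CNG only: no fallback to legacy CSP handles; required to find ECDSA keys`. Otherwise `CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG` keeps the fallback and reports the returned handle type in `nKeySpec`. The failure branch that opens on the last line of the hunk and the rest of `Signing::Sign` are outside the hunk, so the error reporting cannot be checked from here.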
@@ -1423,7 +1431,10 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
memset(&aSignerInfo, 0, sizeof(aSignerInfo));
aSignerInfo.cbSize = sizeof(aSignerInfo);
aSignerInfo.pCertInfo = pCertContext->pCertInfo;
- aSignerInfo.hCryptProv = hCryptProv;
+ if (!svl::crypto::isMSCng())
+ aSignerInfo.hCryptProv = hCryptProv;
+ else
+ aSignerInfo.hNCryptKey = hCryptKey;
aSignerInfo.dwKeySpec = nKeySpec;
aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
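Review bot: The handle written into `aSignerInfo` is chosen by calling `isMSCng()` again rather than by what `CryptAcquireCertificatePrivateKey` reported in `nKeySpec`. The two agree only while the acquire call uses the CNG-only flag. Branching on the reported value keeps the handle consistent with `dwKeySpec` on the next line if the flags change later: `if (nKeySpec == CERT_NCRYPT_KEY_SPEC) aSignerInfo.hNCryptKey = hCryptKey; else aSignerInfo.hCryptProv = hCryptProv;`. This also removes the negated condition, which reads the opposite way round from the `if (svl::crypto::isMSCng())` in the first hunk.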
@@ -2409,6 +2420,12 @@ bool Signing::Verify(SvStream& rStream,
#endif
}
+bool isMSCng()
+{
+ static bool bMSCng = getenv("SVL_CRYPTO_CNG");
+ return bMSCng;
+}
+
}
}
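Review bot: `static bool bMSCng = getenv("SVL_CRYPTO_CNG");` converts the returned pointer to bool, so any value enables the CNG path, including `SVL_CRYPTO_CNG=0` and an empty string, although the commit message documents `SVL_CRYPTO_CNG=1`. Checking the content makes the switch behave as documented: `const char* p = getenv("SVL_CRYPTO_CNG"); static const bool bMSCng = p && *p && *p != '0';`. Because this variable selects which Windows API acquires the signing key, the function should carry a short comment saying so. The comment should also note that the value is read once per process and that the switch is temporary until CNG becomes the default.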