Use the new PK11_ExportDERPrivateKeyInfo function when using bundled …

…NSS. Update nss_revision to r259440, which includes the following CL: Add PK11_ExportDERPrivateKeyInfo and PK11_ExportPrivKeyInfo. https://codereview.chromium.org/205343004 R=eroman@chromium.org,rsleevi@chromium.org BUG=245025 Review URL: https://codereview.chromium.org/197873040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259797 0039d316-1c4b-4281-b951-d872f2087c98
hylschwy · Mar 27, 2014 · 796d76d · 796d76d
1 parent 1c9b1cc
commit 796d76d
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/DEPS b/DEPS
@@ -57,7 +57,7 @@ vars = {
   # and V8 without interference from each other.
   "webrtc_revision": "5793",
   "jsoncpp_revision": "248",
-  "nss_revision": "258808",
+  "nss_revision": "259440",
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling swarming_client
   # and whatever else without interference from each other.

diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
@@ -8,7 +8,6 @@
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
-#include <secoid.h>
 
 #include <vector>
 
@@ -26,6 +25,7 @@
 
 #if defined(USE_NSS)
 #include <dlfcn.h>
+#include <secoid.h>
 #endif
 
 // At the time of this writing:
@@ -546,6 +546,10 @@ void CopySECItemToVector(const SECItem& item, std::vector<uint8>* out) {
   out->assign(item.data, item.data + item.len);
 }
 
+// The system NSS library doesn't have the new PK11_ExportDERPrivateKeyInfo
+// function yet (https://bugzilla.mozilla.org/show_bug.cgi?id=519255). So we
+// provide a fallback implementation.
+#if defined(USE_NSS)
 // From PKCS#1 [http://tools.ietf.org/html/rfc3447]:
 //
 //    RSAPrivateKey ::= SEQUENCE {
@@ -655,6 +659,7 @@ struct FreeRsaPrivateKey {
     SECITEM_FreeItem(&out->coefficient, PR_FALSE);
   }
 };
+#endif  // defined(USE_NSS)
 
 }  // namespace
 
@@ -821,6 +826,8 @@ Status ExportKeyPkcs8(PrivateKey* key,
       key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5)
     return Status::ErrorUnsupported();
 
+#if defined(USE_NSS)
+  // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code.
   const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
   const int kPrivateKeyInfoVersion = 0;
 
@@ -856,6 +863,10 @@ Status ExportKeyPkcs8(PrivateKey* key,
                          NULL,
                          &private_key_info,
                          SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate)));
+#else  // defined(USE_NSS)
+  crypto::ScopedSECItem encoded_key(
+      PK11_ExportDERPrivateKeyInfo(key->key(), NULL));
+#endif  // defined(USE_NSS)
 
   if (!encoded_key.get())
     return Status::Error();