From 796d76d2449e981d446399dce91cbd4ebfd70c2b Mon Sep 17 00:00:00 2001
From: "wtc@chromium.org"
Date: Thu, 27 Mar 2014 05:41:29 +0000
Subject: [PATCH] Use the new PK11_ExportDERPrivateKeyInfo function when using bundled NSS.
Update nss_revision to r259440, which includes the following CL: Add PK11_ExportDERPrivateKeyInfo and PK11_ExportPrivKeyInfo. https://codereview.chromium.org/205343004
R=eroman@chromium.org,rsleevi@chromium.org
BUG=245025
Review URL: https://codereview.chromium.org/197873040
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259797 0039d316-1c4b-4281-b951-d872f2087c98
---
 DEPS | 2 +-
 content/child/webcrypto/platform_crypto_nss.cc | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/DEPS b/DEPS
index 83644e61f25223..8a994fcb3ef051 100644
--- a/DEPS
+++ b/DEPS
@@ -57,7 +57,7 @@ vars = {
 # and V8 without interference from each other.
 "webrtc_revision": "5793",
 "jsoncpp_revision": "248",
- "nss_revision": "258808",
+ "nss_revision": "259440",
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling swarming_client
 # and whatever else without interference from each other.
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
index 13f5735bcc1c43..3f5a2721df5b93 100644
--- a/content/child/webcrypto/platform_crypto_nss.cc
+++ b/content/child/webcrypto/platform_crypto_nss.cc
@@ -8,7 +8,6 @@
 #include
 #include
 #include
-#include
 #include
@@ -26,6 +25,7 @@
 #if defined(USE_NSS)
 #include
+#include
 #endif
 // At the time of this writing:
@@ -546,6 +546,10 @@ void CopySECItemToVector(const SECItem& item, std::vector* out) {
 out->assign(item.data, item.data + item.len);
 }
+// The system NSS library doesn't have the new PK11_ExportDERPrivateKeyInfo
+// function yet (https://bugzilla.mozilla.org/show_bug.cgi?id=519255). So we
+// provide a fallback implementation.
+#if defined(USE_NSS)
 // From PKCS#1 [http://tools.ietf.org/html/rfc3447]:
 //
 // RSAPrivateKey ::= SEQUENCE {
@@ -655,6 +659,7 @@ struct FreeRsaPrivateKey {
 SECITEM_FreeItem(&out->coefficient, PR_FALSE);
 }
 };
+#endif // defined(USE_NSS)
 } // namespace
@@ -821,6 +826,8 @@ Status ExportKeyPkcs8(PrivateKey* key,
 key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5)
 return Status::ErrorUnsupported();
+#if defined(USE_NSS)
+ // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code.
 const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
 const int kPrivateKeyInfoVersion = 0;
@@ -856,6 +863,10 @@ Status ExportKeyPkcs8(PrivateKey* key,
 NULL,
 &private_key_info,
 SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate)));
+#else // defined(USE_NSS)
+ crypto::ScopedSECItem encoded_key(
+ PK11_ExportDERPrivateKeyInfo(key->key(), NULL));
+#endif // defined(USE_NSS)
 if (!encoded_key.get())
 return Status::Error();
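Review bot: The comment added above `#if defined(USE_NSS)` in the -546 hunk says the system NSS library lacks PK11_ExportDERPrivateKeyInfo, but nothing on the guard says that `USE_NSS` is the configuration that links the system library; that has to be inferred from the commit title and from the `#else` branch added later. I would add a line such as `// USE_NSS: built against the system NSS; the bundled NSS takes the #else path in ExportKeyPkcs8.` and a removal condition, `// TODO: delete this fallback once the minimum supported system NSS exports PK11_ExportDERPrivateKeyInfo.`, so the hand-written PKCS#8 encoder does not outlive its need. The guarded fallback code runs from this hunk to the `#endif` added in the -655 hunk, and most of it lies outside both.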
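Review bot: In the new `#else` branch of the -856 hunk, `encoded_key` holds the unencrypted DER PrivateKeyInfo returned by `PK11_ExportDERPrivateKeyInfo(key->key(), NULL)`, and how that buffer is released depends on `crypto::ScopedSECItem`, whose deleter is not visible in this patch. If it frees with `SECITEM_FreeItem` rather than zeroing first, the private key bytes remain in freed heap memory after ExportKeyPkcs8 returns; the same applies to the fallback branch guarded in the -821 hunk. Consider holding this buffer in a scoped type whose deleter calls `SECITEM_ZfreeItem(item, PR_TRUE)`. Since the function now has two independent encoders, a unit test asserting that both configurations emit identical PKCS#8 bytes for the same key would catch drift between them. ExportKeyPkcs8 starts and ends outside these hunks.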