bcrypt: Add separate backend functions for destroying symmetric/asymmetric keys.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
2020-09-29 14:16:17 +02:00 · 2020-09-29 14:16:17 +02:00 · f0e1384777
parent 4590465613
commit f0e1384777
4 changed files with 38 additions and 34 deletions
--- a/dlls/bcrypt/bcrypt_internal.h
+++ b/dlls/bcrypt/bcrypt_internal.h
@ -265,12 +265,12 @@ NTSTATUS key_symmetric_set_auth_data( struct key *, UCHAR *, ULONG ) DECLSPEC_HI
 NTSTATUS key_symmetric_encrypt( struct key *, const UCHAR *, ULONG, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
 NTSTATUS key_symmetric_decrypt( struct key *, const UCHAR *, ULONG, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
 NTSTATUS key_symmetric_get_tag( struct key *, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
+void     key_symmetric_destroy( struct key * ) DECLSPEC_HIDDEN;
 NTSTATUS key_asymmetric_init( struct key * ) DECLSPEC_HIDDEN;
 NTSTATUS key_asymmetric_generate( struct key * ) DECLSPEC_HIDDEN;
 NTSTATUS key_asymmetric_sign( struct key *, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG *, ULONG ) DECLSPEC_HIDDEN;
 NTSTATUS key_asymmetric_verify( struct key *, void *, UCHAR *, ULONG, UCHAR *, ULONG, DWORD ) DECLSPEC_HIDDEN;
-NTSTATUS key_destroy( struct key * ) DECLSPEC_HIDDEN;
-BOOL key_is_symmetric( struct key * ) DECLSPEC_HIDDEN;
+void     key_asymmetric_destroy( struct key * ) DECLSPEC_HIDDEN;
 NTSTATUS key_export_dsa_capi( struct key *, UCHAR *, ULONG, ULONG * ) DECLSPEC_HIDDEN;
 NTSTATUS key_export_ecc( struct key *, UCHAR *, ULONG, ULONG * ) DECLSPEC_HIDDEN;
 NTSTATUS key_import_dsa_capi( struct key *, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@ -886,12 +886,12 @@ static NTSTATUS key_asymmetric_create( struct key **ret_key, struct algorithm *a
    return STATUS_SUCCESS;
 }

-#if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
-BOOL key_is_symmetric( struct key *key )
+static BOOL key_is_symmetric( struct key *key )
 {
    return builtin_algorithms[key->alg_id].class == BCRYPT_CIPHER_INTERFACE;
 }

+#if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
 static BOOL is_zero_vector( const UCHAR *vector, ULONG len )
 {
    ULONG i;
@ -1335,12 +1335,6 @@ NTSTATUS key_symmetric_init( struct key *key )
    return STATUS_NOT_IMPLEMENTED;
 }

-BOOL key_is_symmetric( struct key *key )
-{
-    ERR( "support for keys not available at build time\n" );
-    return FALSE;
-}
-
 NTSTATUS key_set_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
 {
    ERR( "support for keys not available at build time\n" );
@ -1392,10 +1386,14 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
    return STATUS_NOT_IMPLEMENTED;
 }

-NTSTATUS key_destroy( struct key *key )
+void key_symmetric_destroy( struct key *key )
+{
+    ERR( "support for keys not available at build time\n" );
+}
+
+void key_asymmetric_destroy( struct key *key )
 {
    ERR( "support for keys not available at build time\n" );
-    return STATUS_NOT_IMPLEMENTED;
 }

 static NTSTATUS key_encrypt( struct key *key,  UCHAR *input, ULONG input_len, void *padding, UCHAR *iv,
@ -1628,8 +1626,20 @@ NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
    TRACE( "%p\n", handle );

    if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+    if (key_is_symmetric( key ))
+    {
+        key_symmetric_destroy( key );
+        heap_free( key->u.s.vector );
+        heap_free( key->u.s.secret );
+    }
+    else
+    {
+        key_asymmetric_destroy( key );
+        heap_free( key->u.a.pubkey );
+    }
    key->hdr.magic = 0;
-    return key_destroy( key );
+    heap_free( key );
+    return STATUS_SUCCESS;
 }

 NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG input_len, void *padding, UCHAR *iv,
--- a/dlls/bcrypt/gnutls.c
+++ b/dlls/bcrypt/gnutls.c
@ -593,6 +593,11 @@ NTSTATUS key_symmetric_get_tag( struct key *key, UCHAR *tag, ULONG len )
    return STATUS_SUCCESS;
 }

+void key_symmetric_destroy( struct key *key )
+{
+    if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
+}
+
 static NTSTATUS export_gnutls_pubkey_rsa( gnutls_privkey_t gnutls_key, ULONG bitlen, UCHAR **pubkey, ULONG *pubkey_len )
 {
    BCRYPT_RSAKEY_BLOB *rsa_blob;
@ -1543,20 +1548,8 @@ NTSTATUS key_asymmetric_sign( struct key *key, void *padding, UCHAR *input, ULON
    return status;
 }

-NTSTATUS key_destroy( struct key *key )
+void key_asymmetric_destroy( struct key *key )
 {
-    if (key_is_symmetric( key ))
-    {
-        if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
-        heap_free( key->u.s.vector );
-        heap_free( key->u.s.secret );
-    }
-    else
-    {
    if (key->u.a.handle) pgnutls_privkey_deinit( key->u.a.handle );
-        heap_free( key->u.a.pubkey );
-    }
-    heap_free( key );
-    return STATUS_SUCCESS;
 }
 #endif
--- a/dlls/bcrypt/macos.c
+++ b/dlls/bcrypt/macos.c
@ -184,6 +184,12 @@ NTSTATUS key_symmetric_get_tag( struct key *key, UCHAR *tag, ULONG len )
    return STATUS_NOT_IMPLEMENTED;
 }

+void key_symmetric_destroy( struct key *key )
+{
+    if (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt );
+    if (key->u.s.ref_decrypt) CCCryptorRelease( key->u.s.ref_decrypt );
+}
+
 NTSTATUS key_asymmetric_init( struct key *key )
 {
    FIXME( "not implemented on Mac\n" );
@ -234,13 +240,8 @@ NTSTATUS key_asymmetric_generate( struct key *key )
    return STATUS_NOT_IMPLEMENTED;
 }

-NTSTATUS key_destroy( struct key *key )
+void key_asymmetric_destroy( struct key *key )
 {
-    if (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt );
-    if (key->u.s.ref_decrypt) CCCryptorRelease( key->u.s.ref_decrypt );
-    heap_free( key->u.s.vector );
-    heap_free( key->u.s.secret );
-    heap_free( key );
-    return STATUS_SUCCESS;
+    FIXME( "not implemented on Mac\n" );
 }
 #endif