Bug 1639302 - manually declare NCryptSignHash in osclientcerts; r=keeler
authorNathan Froyd <froydnj@mozilla.com>
Tue, 19 May 2020 19:16:36 +0000
changeset 531210 a1c6dd8c02e1b5d315d300be1c903d65ba284eea
parent 531209 141fda86ce584056961fbff02b1f6abb028a4d76
child 531211 df17138614f6799066a3a3097a54859fa26ff62f
push id37435
push userapavel@mozilla.com
push dateWed, 20 May 2020 15:28:23 +0000
reviewerskeeler
bugs1639302
milestone78.0a1
Bug 1639302 - manually declare NCryptSignHash in osclientcerts; r=keeler This function ought to be declared by `winapi`, but is not, for whatever reason. However, its definition is stable enough that we can just declare it inline rather than invoking bindgen every single build (and unnecessarily compiling a build script on non-windows platforms) to discover its definition for us. Differential Revision: https://phabricator.services.mozilla.com/D76015
Cargo.lock
security/manager/ssl/osclientcerts/Cargo.toml
security/manager/ssl/osclientcerts/build.rs
security/manager/ssl/osclientcerts/src/backend_windows.rs
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3387,17 +3387,16 @@ checksum = "2f0015e9e8e28ee20c581cfbfe47
 dependencies = [
  "num-traits",
 ]
 
 [[package]]
 name = "osclientcerts-static"
 version = "0.1.4"
 dependencies = [
- "bindgen",
  "byteorder",
  "core-foundation",
  "env_logger",
  "lazy_static",
  "libloading",
  "log",
  "pkcs11",
  "rental",
--- a/security/manager/ssl/osclientcerts/Cargo.toml
+++ b/security/manager/ssl/osclientcerts/Cargo.toml
@@ -23,13 +23,10 @@ version = "0.5"
 
 [target."cfg(target_os = \"macos\")".dependencies.rental]
 version = "0.5"
 
 [target."cfg(target_os = \"windows\")".dependencies.winapi]
 version = "0.3"
 features = ["wincrypt"]
 
-[build-dependencies]
-bindgen = {version = "0.53", default-features = false, features = ["runtime"]} # disable `logging` to reduce code size
-
 [lib]
 crate-type = ["staticlib"]
deleted file mode 100644
--- a/security/manager/ssl/osclientcerts/build.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-/* -*- Mode: rust; rust-indent-offset: 4 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-use bindgen;
-
-use std::env;
-use std::path::PathBuf;
-
-fn main() {
-    let target_os = env::var("CARGO_CFG_TARGET_OS").expect("CARGO_CFG_TARGET_OS unset?");
-    if target_os == "windows" {
-        let bindings = bindgen::Builder::default()
-            .header("src/wrapper-windows.h")
-            .whitelist_function("NCryptSignHash")
-            .generate()
-            .expect("Unable to generate bindings");
-        let out_path = PathBuf::from(env::var("OUT_DIR").expect("OUT_DIR unset?"));
-        bindings
-            .write_to_file(out_path.join("bindings.rs"))
-            .expect("Couldn't write bindings");
-    }
-}
--- a/security/manager/ssl/osclientcerts/src/backend_windows.rs
+++ b/security/manager/ssl/osclientcerts/src/backend_windows.rs
@@ -1,28 +1,42 @@
 /* -*- Mode: rust; rust-indent-offset: 4 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #![allow(non_camel_case_types)]
-include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 
 use pkcs11::types::*;
 use sha2::{Digest, Sha256};
 use std::convert::TryInto;
-use std::ffi::{CStr, CString};
+use std::ffi::{CStr, CString, c_void};
 use std::ops::Deref;
 use std::slice;
 use winapi::shared::bcrypt::*;
 use winapi::um::ncrypt::*;
 use winapi::um::wincrypt::*;
+use winapi::shared::minwindef::{DWORD, PBYTE};
 
 use crate::util::*;
 
+// winapi has some support for ncrypt.h, but not for this function.
+extern "system" {
+    fn NCryptSignHash(
+        hKey: NCRYPT_KEY_HANDLE,
+        pPaddingInfo: *mut c_void,
+        pbHashValue: PBYTE,
+        cbHashValue: DWORD,
+        pbSignature: PBYTE,
+        cbSignature: DWORD,
+        pcbResult: *mut DWORD,
+        dwFlags: DWORD,
+    ) -> SECURITY_STATUS;
+}
+
 /// Given a `CERT_INFO`, tries to return the bytes of the subject distinguished name as formatted by
 /// `CertNameToStrA` using the flag `CERT_SIMPLE_NAME_STR`. This is used as the label for the
 /// certificate.
 fn get_cert_subject_dn(cert_info: &CERT_INFO) -> Result<Vec<u8>, ()> {
     let mut cert_info_subject = cert_info.Subject;
     let subject_dn_len = unsafe {
         CertNameToStrA(
             X509_ASN_ENCODING,
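Review bot: The hand-written `NCryptSignHash` declaration in the new `extern "system"` block is now the only statement of this function's ABI, and nothing at build time checks it against the Windows header the way the removed bindgen step did. The one-line comment above the block should record that, for example `// Signature transcribed from ncrypt.h; parameter types and order must match the SDK declaration exactly, since a mismatch is undefined behaviour at the signing call and the compiler cannot catch it.` The block also carries no `#[link(name = "ncrypt")]`, so resolving the symbol presumably relies on the winapi features pulling in the import library; either add the attribute or state that dependency in the comment. As a style point, `use winapi::shared::minwindef::{DWORD, PBYTE};` is added after the `winapi::um::*` imports, where rustfmt would sort it ahead of them.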