svl windows: remove last traces of pre-CNG signing

Mostly only the certificate selector was left + the global runtime switch.

Change-Id: I11e8e0920806eb61848512df6dea48c594febfe4
Reviewed-on: https://gerrit.libreoffice.org/58751
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>

include/svl/cryptosign.hxx

@@ -86,9 +86,6 @@ private:
     OUString m_aSignPassword;
 };
 
-/// Decides if SVL_CRYPTO_MSCRYPTO uses the new CNG API or not.
-SVL_DLLPUBLIC bool isMSCng();
-
 }
 }
 

svl/source/crypto/cryptosign.cxx

@@ -1402,15 +1402,9 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
     aPara.cMsgCert = 1;
     aPara.rgpMsgCert = &pCertContext;
 
-    HCRYPTPROV hCryptProv = 0;
     NCRYPT_KEY_HANDLE hCryptKey = 0;
-    DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG;
-    HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
-    if (svl::crypto::isMSCng())
-    {
-        dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
-        phCryptProvOrNCryptKey = &hCryptKey;
-    }
+    DWORD dwFlags = CRYPT_ACQUIRE_CACHE_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+    HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptKey;
     DWORD nKeySpec;
     BOOL bFreeNeeded;
 
@@ -1432,10 +1426,7 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
     memset(&aSignerInfo, 0, sizeof(aSignerInfo));
     aSignerInfo.cbSize = sizeof(aSignerInfo);
     aSignerInfo.pCertInfo = pCertContext->pCertInfo;
-    if (!svl::crypto::isMSCng())
-        aSignerInfo.hCryptProv = hCryptProv;
-    else
-        aSignerInfo.hNCryptKey = hCryptKey;
+    aSignerInfo.hNCryptKey = hCryptKey;
     aSignerInfo.dwKeySpec = nKeySpec;
     aSignerInfo.HashAlgorithm.pszObjId = const_cast<LPSTR>(szOID_NIST_sha256);
     aSignerInfo.HashAlgorithm.Parameters.cbData = 0;
@@ -2421,12 +2412,6 @@ bool Signing::Verify(SvStream& rStream,
 #endif
 }
 
-bool isMSCng()
-{
-    static bool bNoMSCng = getenv("SVL_CRYPTO_NOCNG");
-    return !bNoMSCng;
-}
-
 }
 
 }

xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx

@@ -344,7 +344,6 @@ uno::Sequence< uno::Reference < XCertificate > > SecurityEnvironment_MSCryptImpl
     if( m_bEnableDefault ) {
         HCERTSTORE hSystemKeyStore ;
         DWORD      dwKeySpec;
-        HCRYPTPROV hCryptProv;
         NCRYPT_KEY_HANDLE hCryptKey;
 
 #ifdef SAL_LOG_INFO
@@ -357,13 +356,8 @@ uno::Sequence< uno::Reference < XCertificate > > SecurityEnvironment_MSCryptImpl
             while (pCertContext)
             {
                 // for checking whether the certificate is a personal certificate or not.
-                DWORD dwFlags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG;
-                HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptProv;
-                if (svl::crypto::isMSCng())
-                {
-                    dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
-                    phCryptProvOrNCryptKey = &hCryptKey;
-                }
+                DWORD dwFlags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+                HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hCryptKey;
                 if(!(CryptAcquireCertificatePrivateKey(pCertContext,
                         dwFlags,
                         nullptr,
@@ -977,15 +971,9 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::getCertificateCharacters( const css::
     {
         BOOL    fCallerFreeProv ;
         DWORD   dwKeySpec ;
-        HCRYPTPROV  hProv ;
         NCRYPT_KEY_HANDLE hKey = 0;
-        DWORD dwFlags = 0;
-        HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hProv;
-        if (svl::crypto::isMSCng())
-        {
-            dwFlags |= CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
-            phCryptProvOrNCryptKey = &hKey;
-        }
+        DWORD dwFlags = CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG;
+        HCRYPTPROV_OR_NCRYPT_KEY_HANDLE* phCryptProvOrNCryptKey = &hKey;
         if( CryptAcquireCertificatePrivateKey( pCertContext ,
                    dwFlags,
                    nullptr ,
@@ -995,9 +983,7 @@ sal_Int32 SecurityEnvironment_MSCryptImpl::getCertificateCharacters( const css::
         ) {
             characters |=  css::security::CertificateCharacters::HAS_PRIVATE_KEY ;
 
-            if( hProv != NULL && fCallerFreeProv )
-                CryptReleaseContext( hProv, 0 ) ;
-            else if (hKey && fCallerFreeProv)
+            if (hKey && fCallerFreeProv)
                 NCryptFreeObject(hKey);
         } else {
             characters &= ~ css::security::CertificateCharacters::HAS_PRIVATE_KEY ;
@@ -1056,8 +1042,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hMySystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hMySystemStore = nullptr;
+            m_hMySystemStore = nullptr;
         }
 
         //Add system root store into the keys manager.
@@ -1068,8 +1053,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hRootSystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hRootSystemStore = nullptr;
+            m_hRootSystemStore = nullptr;
         }
 
         //Add system trusted store into the keys manager.
@@ -1080,8 +1064,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hTrustSystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hTrustSystemStore = nullptr;
+            m_hTrustSystemStore = nullptr;
         }
 
         //Add system CA store into the keys manager.
@@ -1092,8 +1075,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
                 m_hCaSystemStore = nullptr;
                 throw uno::RuntimeException() ;
             }
-            if (svl::crypto::isMSCng())
-                m_hCaSystemStore = nullptr;
+            m_hCaSystemStore = nullptr;
         }
     }