[webkit-reviews] review denied: [Bug 27543] Add platform/wince/ files for WINCE port : [Attachment 34381] 7) Keygen (Security)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 8 11:38:46 PDT 2009 

George Staikos <staikos at kde.org> has denied Yong Li <yong.li at torchmobile.com>'s
request for review:
Bug 27543: Add platform/wince/ files for WINCE port
https://bugs.webkit.org/show_bug.cgi?id=27543

Attachment 34381: 7) Keygen (Security)
https://bugs.webkit.org/attachment.cgi?id=34381&action=review

------- Additional Comments from George Staikos <staikos at kde.org>
For some meaningful review,

>> +#include "config.h"
> +#include "SSLKeyGenerator.h"
> +
> +#include "Base64.h"
> +#include "CString.h"
> +
> +#include <windows.h>
> +#include <wincrypt.h>

Is this out of order by design?

> +
> +#define KEYGEN_DEBUG_KEY	   0x00000001
> +
> +#ifndef NDEBUG
> +#define KEYGEN_DEBUG    (0)
> +#else
> +#define KEYGEN_DEBUG    0
> +#endif

This is odd.  Why 0 or 0?  I think we need to do better on the debug scheme.

> +String WebCore::signedPublicKeyAndChallengeString(unsigned index, const
String& challenge, const KURL& url)
> +{
> +    String keystr;
> +
> +    HCRYPTPROV hProv = 0;
> +    HCRYPTKEY hKey = 0;
> +    PCERT_PUBLIC_KEY_INFO pPubInfo = 0;
> +    DWORD dwPubInfoLength = 0;
> +    CERT_KEYGEN_REQUEST_INFO requestInfo;
> +    CRYPT_ALGORITHM_IDENTIFIER signAlgo;
> +    LPBYTE pbEncoded = 0;
> +    DWORD dwEncodedLength = 0;
> +    LPWSTR pszString = 0;
> +    Vector<char> binary;
> +    Vector<char> base64;

A good number of these can be moved to the relevant area so we don't lose track
of what they're used for and if they're no-longer used.

> +    BOOL success = CryptAcquireContext(&hProv, _T("keygen_container"),
MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET);
> +    if (!success)
> +	   goto error;

   Can we do better than lots of gotos?

> +    pPubInfo = (PCERT_PUBLIC_KEY_INFO) new char[dwPubInfoLength];
> +    if (!pPubInfo)
> +	   goto error;

  No need to check new return.

> +    if (challenge.length()) {
> +	   pszString = new WCHAR[challenge.length() + 1];
> +	   if (pszString) {

   Same.

> +    pbEncoded = (LPBYTE) new char[dwEncodedLength];
> +    if (!pbEncoded)
> +	   goto error;

   Same

> +error:
> +    if (pszString)
> +	   delete[] pszString;
> +    if (pbEncoded)
> +	   delete[] pbEncoded;
> +    if (pPubInfo)
> +	   delete[] pPubInfo;

   Those if() are redundant

More information about the webkit-reviews mailing list