| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/openssl_platform_key.h" | 5 #include "net/ssl/openssl_platform_key.h" |
| 6 | 6 |
| 7 #include <windows.h> | 7 #include <windows.h> |
| 8 #include <NCrypt.h> | 8 #include <NCrypt.h> |
| 9 | 9 |
| 10 #include <string.h> | 10 #include <string.h> |
| (...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 310 } | 310 } |
| 311 if (hash_len != in_len) { | 311 if (hash_len != in_len) { |
| 312 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); | 312 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| 313 return 0; | 313 return 0; |
| 314 } | 314 } |
| 315 if (!CryptSetHashParam(hash.get(), HP_HASHVAL, const_cast<BYTE*>(in), 0)) { | 315 if (!CryptSetHashParam(hash.get(), HP_HASHVAL, const_cast<BYTE*>(in), 0)) { |
| 316 PLOG(ERROR) << "CryptSetHashParam HP_HASHVAL failed"; | 316 PLOG(ERROR) << "CryptSetHashParam HP_HASHVAL failed"; |
| 317 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); | 317 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| 318 return 0; | 318 return 0; |
| 319 } | 319 } |
| 320 DWORD signature_len = RSA_size(rsa); | 320 // Determine the output length. |
| 321 DWORD signature_len = 0; |
| 322 if (!CryptSignHash(hash.get(), ex_data->key->dwKeySpec, nullptr, 0, nullptr, |
| 323 &signature_len)) { |
| 324 PLOG(ERROR) << "CryptSignHash failed"; |
| 325 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| 326 return 0; |
| 327 } |
| 328 if (signature_len == 0 || signature_len > RSA_size(rsa)) { |
| 329 LOG(ERROR) << "Bad signature length"; |
| 330 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| 331 return 0; |
| 332 } |
| 333 // Sign the hash. |
| 321 if (!CryptSignHash(hash.get(), ex_data->key->dwKeySpec, nullptr, 0, out, | 334 if (!CryptSignHash(hash.get(), ex_data->key->dwKeySpec, nullptr, 0, out, |
| 322 &signature_len)) { | 335 &signature_len)) { |
| 323 PLOG(ERROR) << "CryptSignHash failed"; | 336 PLOG(ERROR) << "CryptSignHash failed"; |
| 324 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); | 337 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED); |
| 325 return 0; | 338 return 0; |
| 326 } | 339 } |
| 327 | 340 |
| 328 /* CryptoAPI signs in little-endian, so reverse it. */ | 341 /* CryptoAPI signs in little-endian, so reverse it. */ |
| 329 std::reverse(out, out + signature_len); | 342 std::reverse(out, out + signature_len); |
| 330 *out_len = signature_len; | 343 *out_len = signature_len; |
| (...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 635 case EVP_PKEY_RSA: | 648 case EVP_PKEY_RSA: |
| 636 return CreateRSAWrapper(key.Pass(), key_length); | 649 return CreateRSAWrapper(key.Pass(), key_length); |
| 637 case EVP_PKEY_EC: | 650 case EVP_PKEY_EC: |
| 638 return CreateECDSAWrapper(key.Pass(), key_length); | 651 return CreateECDSAWrapper(key.Pass(), key_length); |
| 639 default: | 652 default: |
| 640 return nullptr; | 653 return nullptr; |
| 641 } | 654 } |
| 642 } | 655 } |
| 643 | 656 |
| 644 } // namespace net | 657 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1156173008:
Call CryptSignHash twice in client certificate logic. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@capi-leak