Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslplatf.c

Issue 14772023: Implement TLS 1.2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Remove an incorrect assertion I added Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/third_party/nss/ssl/ssl3prot.h ('K') | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslproto.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Platform specific crypto wrappers 2 * Platform specific crypto wrappers
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
118 SECItem hashItem; 118 SECItem hashItem;
119 DWORD argLen = 0; 119 DWORD argLen = 0;
120 DWORD signatureLen = 0; 120 DWORD signatureLen = 0;
121 ALG_ID hashAlg = 0; 121 ALG_ID hashAlg = 0;
122 HCRYPTHASH hHash = 0; 122 HCRYPTHASH hHash = 0;
123 DWORD hashLen = 0; 123 DWORD hashLen = 0;
124 unsigned int i = 0; 124 unsigned int i = 0;
125 125
126 buf->data = NULL; 126 buf->data = NULL;
127 127
128 switch (hash->hashAlg) {
129 case SEC_OID_UNKNOWN:
130 hashAlg = 0;
131 break;
132 case SEC_OID_SHA1:
133 hashAlg = CALG_SHA1;
134 break;
135 case SEC_OID_SHA256:
136 hashAlg = CALG_SHA_256;
137 break;
138 case SEC_OID_SHA384:
139 hashAlg = CALG_SHA_384;
140 break;
141 case SEC_OID_SHA512:
142 hashAlg = CALG_SHA_512;
143 break;
144 default:
145 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
146 return SECFailure;
147 }
148
128 switch (keyType) { 149 switch (keyType) {
129 case rsaKey: 150 case rsaKey:
130 hashAlg = CALG_SSL3_SHAMD5; 151 if (hashAlg == 0) {
131 hashItem.data = hash->md5; 152 hashAlg = CALG_SSL3_SHAMD5;
132 hashItem.len = sizeof(SSL3Hashes); 153 }
154 hashItem.data = hash->u.raw;
155 hashItem.len = hash->len;
133 break; 156 break;
134 case dsaKey: 157 case dsaKey:
135 case ecKey: 158 case ecKey:
136 if (keyType == ecKey) { 159 if (keyType == ecKey) {
137 doDerEncode = PR_TRUE; 160 doDerEncode = PR_TRUE;
138 } else { 161 } else {
139 doDerEncode = isTLS; 162 doDerEncode = isTLS;
140 } 163 }
141 hashAlg = CALG_SHA1; 164 if (hashAlg == 0) {
142 hashItem.data = hash->sha; 165 hashAlg = CALG_SHA1;
143 hashItem.len = sizeof(hash->sha); 166 hashItem.data = hash->u.s.sha;
167 hashItem.len = sizeof(hash->u.s.sha);
168 } else {
169 hashItem.data = hash->u.raw;
170 hashItem.len = hash->len;
171 }
144 break; 172 break;
145 default: 173 default:
146 PORT_SetError(SEC_ERROR_INVALID_KEY); 174 PORT_SetError(SEC_ERROR_INVALID_KEY);
147 goto done; 175 goto done;
148 } 176 }
149 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); 177 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
150 178
151 if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) { 179 if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
152 PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); 180 PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
153 goto done; 181 goto done;
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
261 if (signatureLen == 0) { 289 if (signatureLen == 0) {
262 PORT_SetError(SEC_ERROR_INVALID_KEY); 290 PORT_SetError(SEC_ERROR_INVALID_KEY);
263 goto done; 291 goto done;
264 } 292 }
265 293
266 buf->data = (unsigned char *)PORT_Alloc(signatureLen); 294 buf->data = (unsigned char *)PORT_Alloc(signatureLen);
267 if (!buf->data) 295 if (!buf->data)
268 goto done; /* error code was set. */ 296 goto done; /* error code was set. */
269 297
270 sigAlg = cssmKey->KeyHeader.AlgorithmId; 298 sigAlg = cssmKey->KeyHeader.AlgorithmId;
299 if (keyType == rsaKey) {
300 switch (hash->hashAlg) {
301 case SEC_OID_UNKNOWN:
302 PORT_Assert(sigAlg == CSSM_ALGID_RSA);
303 break;
304 case SEC_OID_SHA1:
305 sigAlg = CSSM_ALGID_SHA1WithRSA;
306 break;
307 case SEC_OID_SHA224:
308 sigAlg = CSSM_ALGID_SHA224WithRSA;
309 break;
310 case SEC_OID_SHA256:
311 sigAlg = CSSM_ALGID_SHA256WithRSA;
312 break;
313 case SEC_OID_SHA384:
314 sigAlg = CSSM_ALGID_SHA384WithRSA;
315 break;
316 case SEC_OID_SHA512:
317 sigAlg = CSSM_ALGID_SHA512WithRSA;
318 break;
319 default:
320 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
321 goto done;
322 }
323 }
324
271 switch (keyType) { 325 switch (keyType) {
272 case rsaKey: 326 case rsaKey:
273 PORT_Assert(sigAlg == CSSM_ALGID_RSA); 327 hashData.Data = hash->u.raw;
274 hashData.Data = hash->md5; 328 hashData.Length = hash->len;
275 hashData.Length = sizeof(SSL3Hashes);
276 break; 329 break;
277 case dsaKey: 330 case dsaKey:
278 case ecKey: 331 case ecKey:
279 if (keyType == ecKey) { 332 if (keyType == ecKey) {
280 PORT_Assert(sigAlg == CSSM_ALGID_ECDSA); 333 PORT_Assert(sigAlg == CSSM_ALGID_ECDSA);
281 doDerEncode = PR_TRUE; 334 doDerEncode = PR_TRUE;
282 } else { 335 } else {
283 PORT_Assert(sigAlg == CSSM_ALGID_DSA); 336 PORT_Assert(sigAlg == CSSM_ALGID_DSA);
284 doDerEncode = isTLS; 337 doDerEncode = isTLS;
285 } 338 }
286 hashData.Data = hash->sha; 339 if (hash->hashAlg == SEC_OID_UNKNOWN) {
287 hashData.Length = sizeof(hash->sha); 340 hashData.Data = hash->u.s.sha;
341 hashData.Length = sizeof(hash->u.s.sha);
342 } else {
343 hashData.Data = hash->u.raw;
344 hashData.Length = hash->len;
345 }
288 break; 346 break;
289 default: 347 default:
290 PORT_SetError(SEC_ERROR_INVALID_KEY); 348 PORT_SetError(SEC_ERROR_INVALID_KEY);
291 goto done; 349 goto done;
292 } 350 }
293 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length )); 351 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length ));
294 352
295 /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least, 353 /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least,
296 * you can prevent the UI by setting the provider handle on the 354 * you can prevent the UI by setting the provider handle on the
297 * certificate to be opened with CRYPT_SILENT, but is there an equivalent? 355 * certificate to be opened with CRYPT_SILENT, but is there an equivalent?
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
374 SECStatus 432 SECStatus
375 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 433 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
376 PRBool isTLS, KeyType keyType) 434 PRBool isTLS, KeyType keyType)
377 { 435 {
378 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); 436 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
379 return SECFailure; 437 return SECFailure;
380 } 438 }
381 #endif 439 #endif
382 440
383 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 441 #endif /* NSS_PLATFORM_CLIENT_AUTH */
OLDNEW
« net/third_party/nss/ssl/ssl3prot.h ('K') | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslproto.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698