Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(666)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/third_party/nss/ssl/sslplatf.c

Issue 14772023: Implement TLS 1.2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Update new code in sslplatf.c. Remove SHA-224 support. Add patch files. Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslproto.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/third_party/nss/ssl/sslplatf.c
===================================================================
--- net/third_party/nss/ssl/sslplatf.c (revision 202696)
+++ net/third_party/nss/ssl/sslplatf.c (working copy)
@@ -212,9 +212,8 @@
DWORD dwFlags = 0;
VOID *pPaddingInfo = NULL;
- /* Always encode using PKCS#1 block type, with no OID/encoded DigestInfo */
+ /* Always encode using PKCS#1 block type. */
BCRYPT_PKCS1_PADDING_INFO rsaPaddingInfo;
- rsaPaddingInfo.pszAlgId = NULL;
if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) {
PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
@@ -227,8 +226,29 @@
switch (keyType) {
case rsaKey:
- hashItem.data = hash->md5;
- hashItem.len = sizeof(SSL3Hashes);
+ switch (hash->hashAlg) {
+ case SEC_OID_UNKNOWN:
+ /* No OID/encoded DigestInfo. */
+ rsaPaddingInfo.pszAlgId = NULL;
+ break;
+ case SEC_OID_SHA1:
+ rsaPaddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM;
+ break;
+ case SEC_OID_SHA256:
+ rsaPaddingInfo.pszAlgId = BCRYPT_SHA256_ALGORITHM;
+ break;
+ case SEC_OID_SHA384:
+ rsaPaddingInfo.pszAlgId = BCRYPT_SHA384_ALGORITHM;
+ break;
+ case SEC_OID_SHA512:
+ rsaPaddingInfo.pszAlgId = BCRYPT_SHA512_ALGORITHM;
+ break;
+ default:
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+ return SECFailure;
+ }
+ hashItem.data = hash->u.raw;
+ hashItem.len = hash->len;
dwFlags = BCRYPT_PAD_PKCS1;
pPaddingInfo = &rsaPaddingInfo;
break;
@@ -239,8 +259,13 @@
} else {
doDerEncode = isTLS;
}
- hashItem.data = hash->sha;
- hashItem.len = sizeof(hash->sha);
+ if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ hashItem.data = hash->u.s.sha;
+ hashItem.len = sizeof(hash->u.s.sha);
+ } else {
+ hashItem.data = hash->u.raw;
+ hashItem.len = hash->len;
+ }
break;
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
@@ -315,11 +340,34 @@
buf->data = NULL;
+ switch (hash->hashAlg) {
+ case SEC_OID_UNKNOWN:
+ hashAlg = 0;
+ break;
+ case SEC_OID_SHA1:
+ hashAlg = CALG_SHA1;
+ break;
+ case SEC_OID_SHA256:
+ hashAlg = CALG_SHA_256;
+ break;
+ case SEC_OID_SHA384:
+ hashAlg = CALG_SHA_384;
+ break;
+ case SEC_OID_SHA512:
+ hashAlg = CALG_SHA_512;
+ break;
+ default:
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+ return SECFailure;
+ }
+
switch (keyType) {
case rsaKey:
- hashAlg = CALG_SSL3_SHAMD5;
- hashItem.data = hash->md5;
- hashItem.len = sizeof(SSL3Hashes);
+ if (hashAlg == 0) {
+ hashAlg = CALG_SSL3_SHAMD5;
+ }
+ hashItem.data = hash->u.raw;
+ hashItem.len = hash->len;
break;
case dsaKey:
case ecKey:
@@ -328,9 +376,14 @@
} else {
doDerEncode = isTLS;
}
- hashAlg = CALG_SHA1;
- hashItem.data = hash->sha;
- hashItem.len = sizeof(hash->sha);
+ if (hashAlg == 0) {
+ hashAlg = CALG_SHA1;
+ hashItem.data = hash->u.s.sha;
+ hashItem.len = sizeof(hash->u.s.sha);
+ } else {
+ hashItem.data = hash->u.raw;
+ hashItem.len = hash->len;
+ }
break;
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
@@ -468,11 +521,36 @@
goto done; /* error code was set. */
sigAlg = cssmKey->KeyHeader.AlgorithmId;
+ if (keyType == rsaKey) {
+ switch (hash->hashAlg) {
+ case SEC_OID_UNKNOWN:
+ PORT_Assert(sigAlg == CSSM_ALGID_RSA);
Ryan Sleevi 2013/05/29 22:21:49 I'm curious why you put the assert here, rather th
wtc 2013/05/29 23:26:34 This is because the other cases will change sigAlg
+ break;
+ case SEC_OID_SHA1:
+ sigAlg = CSSM_ALGID_SHA1WithRSA;
+ break;
+ case SEC_OID_SHA224:
+ sigAlg = CSSM_ALGID_SHA224WithRSA;
+ break;
+ case SEC_OID_SHA256:
+ sigAlg = CSSM_ALGID_SHA256WithRSA;
+ break;
+ case SEC_OID_SHA384:
+ sigAlg = CSSM_ALGID_SHA384WithRSA;
+ break;
+ case SEC_OID_SHA512:
+ sigAlg = CSSM_ALGID_SHA512WithRSA;
+ break;
+ default:
+ PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+ goto done;
+ }
+ }
+
switch (keyType) {
case rsaKey:
- PORT_Assert(sigAlg == CSSM_ALGID_RSA);
- hashData.Data = hash->md5;
- hashData.Length = sizeof(SSL3Hashes);
+ hashData.Data = hash->u.raw;
+ hashData.Length = hash->len;
break;
case dsaKey:
case ecKey:
@@ -483,8 +561,13 @@
PORT_Assert(sigAlg == CSSM_ALGID_DSA);
doDerEncode = isTLS;
}
- hashData.Data = hash->sha;
- hashData.Length = sizeof(hash->sha);
+ if (hash->hashAlg == SEC_OID_UNKNOWN) {
+ hashData.Data = hash->u.s.sha;
+ hashData.Length = sizeof(hash->u.s.sha);
+ } else {
+ hashData.Data = hash->u.raw;
+ hashData.Length = hash->len;
+ }
break;
default:
PORT_SetError(SEC_ERROR_INVALID_KEY);
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslproto.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698